Vulnerability Name: | CVE-2012-0204 (CCN-73255) | ||||||||
Assigned: | 2011-12-14 | ||||||||
Published: | 2013-01-11 | ||||||||
Updated: | 2017-08-29 | ||||||||
Summary: | Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21623501 "CVSS Base Score: 9.3 / CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) a malicious user who has access to a machine with the Import Export Manager installed could execute arbitrary commands in the context of any user who accesses the Import Export Manager application. " Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path' | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2012-0204 Source: CCN Type: SA52020 IBM InfoSphere Information Two Vulnerabilities Source: CCN Type: IBM Security Bulletin 1623501 Multiple security vulnerabilities in the IBM InfoSphere Information Server Suite Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21623501 Source: XF Type: UNKNOWN infosphere-is-dll-code-execution(73255) Source: XF Type: UNKNOWN infosphere-is-dll-code-execution(73255) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |