CVE-2009-0880

Published Mar 12, 2009

Last updated 6 years ago

CVSS info 6.8

Overview

Description: Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D525C638-4015-4E45-9A82-1CABAC1DCC54",
            "versionEndIncluding": "5.20.3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D18E2470-6359-4E0C-83E7-880FA6EC8520"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "622C9C51-0EB7-449F-96F0-07BC976CADDD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B2A9EE4-B5EA-451E-9A50-0BB901A7BD2C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05D211F7-9F61-4E93-8C5E-596B782E0BC3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5EE0669-1042-4580-8883-793C2F4272C4"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92C5D77E-60BC-406F-86F6-2F1F0C9C8E37"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E60AE021-6483-4075-B0F5-4DBF49F5332A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AA0F5AD-D17D-492B-B463-52C40BA0B03B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AD25392-1D9D-47C9-BAE3-7C2B24663A20"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2D5A503-C92F-4EB9-8B5F-F59A1C6FAB76"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "824785BD-CA6D-4FDB-ADB3-428360D2F624"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BCA51AD-90E3-4DC5-BA4A-95A8B55C2DDD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0B3F58B-3D5C-4B3D-BA72-050270D741AE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA69558A-697A-4FEC-A8EA-7E71DF9C4764"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References