CVE-2009-0880
Published Mar 12, 2009
Last updated 6 years ago
Overview
- Description
- Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Evaluator
- Comment
- -
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D525C638-4015-4E45-9A82-1CABAC1DCC54",
"versionEndIncluding": "5.20.3"
},
{
"criteria": "cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D18E2470-6359-4E0C-83E7-880FA6EC8520"
},
{
"criteria": "cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "622C9C51-0EB7-449F-96F0-07BC976CADDD"
},
{
"criteria": "cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B2A9EE4-B5EA-451E-9A50-0BB901A7BD2C"
},
{
"criteria": "cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05D211F7-9F61-4E93-8C5E-596B782E0BC3"
},
{
"criteria": "cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5EE0669-1042-4580-8883-793C2F4272C4"
},
{
"criteria": "cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92C5D77E-60BC-406F-86F6-2F1F0C9C8E37"
},
{
"criteria": "cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E60AE021-6483-4075-B0F5-4DBF49F5332A"
},
{
"criteria": "cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AA0F5AD-D17D-492B-B463-52C40BA0B03B"
},
{
"criteria": "cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AD25392-1D9D-47C9-BAE3-7C2B24663A20"
},
{
"criteria": "cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2D5A503-C92F-4EB9-8B5F-F59A1C6FAB76"
},
{
"criteria": "cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "824785BD-CA6D-4FDB-ADB3-428360D2F624"
},
{
"criteria": "cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BCA51AD-90E3-4DC5-BA4A-95A8B55C2DDD"
},
{
"criteria": "cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0B3F58B-3D5C-4B3D-BA72-050270D741AE"
},
{
"criteria": "cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA69558A-697A-4FEC-A8EA-7E71DF9C4764"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]