CVE-2009-3518
Published Oct 1, 2009
Last updated 15 years ago
Overview
- Description
- Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-94
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FECD493-7B46-4F1C-AC12-D779D31402FD",
"versionEndIncluding": "1.3.2"
},
{
"criteria": "cpe:2.3:a:ibm:installation_manager:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "632CE789-4E2F-4B37-A771-57572D7FA9FF"
},
{
"criteria": "cpe:2.3:a:ibm:installation_manager:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "984D6F98-FB9E-4E14-BA1A-5393A382E61C"
},
{
"criteria": "cpe:2.3:a:ibm:installation_manager:1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E47960B-7264-4A44-88D1-F97EE0F43BB4"
},
{
"criteria": "cpe:2.3:a:ibm:installation_manager:1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B5BFEE9-DD95-4860-B8A6-4B6C1EF510EC"
}
],
"operator": "OR"
}
]
}
]