CVE-2015-7442

Published Jan 2, 2016

Last updated 8 years ago

CVSS high 7.0

Overview

Description: consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.2
Impact score: 10
Exploitability score: 1.9
Vector string: AV:L/AC:H/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:installation_manager:1.7.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18D3ECA6-715B-4D59-9430-6A5DE756F5EC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:installation_manager:1.8.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACDFE958-4E0F-4183-8739-C498FA63F93D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:installation_manager:1.8.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBB0B189-5BE0-48BF-A1A6-DC393DDADBBA"
          },
          {
            "criteria": "cpe:2.3:a:ibm:installation_manager:1.8.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "812CE3AC-A49C-4FDF-85B5-7F9E5415C7B3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:installation_manager:1.8.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A900A7D5-2A90-4D15-9050-8183C914F9D7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:installation_manager:1.8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "665957F6-49DC-4F6B-A32D-BD7B5936E410"
          },
          {
            "criteria": "cpe:2.3:a:ibm:packaging_utility:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07F44DD6-459C-4096-BE39-FC7BF7D7D8A9",
            "versionEndIncluding": "1.7.4.3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:packaging_utility:1.8.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "470A1088-34BD-464B-A067-04C091002C44"
          },
          {
            "criteria": "cpe:2.3:a:ibm:packaging_utility:1.8.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51924861-5DAF-4625-95C2-CD034B938EA6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:packaging_utility:1.8.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44A68A05-B6E4-41BE-BEE1-4D118CEB8041"
          },
          {
            "criteria": "cpe:2.3:a:ibm:packaging_utility:1.8.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B371A4D-D284-4D0F-B108-C17B8B921B20"
          },
          {
            "criteria": "cpe:2.3:a:ibm:packaging_utility:1.8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9367A409-69FD-4AD8-A0DC-93FA996942B8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References