| Summary | Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. |
|---|---|
| Summary | Per: http://www.securityfocus.com/archive/1/archive/1/501639/100/0/threaded "The vendor has addressed this vulnerability in service update 2 for IBM https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp |
| Publication Date | March 13, 2009, 12:20 a.m. |
| Registration Date | Jan. 29, 2021, 1:15 p.m. |
| Last Update | Oct. 11, 2018, 4:32 a.m. |
| CVSS2.0 : MEDIUM | |
| Score | 6.8 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector (AV) | Network |
| Access Complexity (AC) | Medium |
| Authentication Required Before Attack (Au) | Not required |
| Confidentiality Impact (C) | Low |
| Integrity Impact (I) | Low |
| Availability Impact (A) | Low |
| Get all privileges | No |
| Get user privileges | No |
| Get other privileges | Yes |
| User operation required | No |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:* | 5.20.3 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||||