7.2

CVE-2004-1054

EPSS 0.36%
Published 10.01.2005 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Aix Version5.1

Ibm ≫ Aix Version5.1l

Ibm ≫ Aix Version5.2

Ibm ≫ Aix Version5.2.2

Ibm ≫ Aix Version5.2_l

Ibm ≫ Aix Version5.3

Ibm ≫ Aix Version5.3_l

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.574

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://www-1.ibm.com/support/search.wss?rs=0&q=IY64820&apar=only

http://www-1.ibm.com/support/search.wss?rs=0&q=IY64852&apar=only

http://www-1.ibm.com/support/search.wss?rs=0&q=IY64976&apar=only

http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/18619

https://nvd.nist.gov/vuln/detail/CVE-2004-1054

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1054

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1054

EUVD