CVE-2011-2397

EPSS 3.64%
Veröffentlicht 05.12.2011 11:55:06
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ironmountain ≫ Connected Backup Version8.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.64%	0.875

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/77495

http://www.zerodayinitiative.com/advisories/ZDI-11-339/

https://exchange.xforce.ibmcloud.com/vulnerabilities/71602

https://nvd.nist.gov/vuln/detail/CVE-2011-2397

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2397

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2397

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2011-2397