Lucene search
HistoryJan 04, 2012 - 3:55 a.m.
CVE-2011-1384
ibm aix
invscout.rte
symlink attack
cve-2011-1384
nvd
4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:C/A:N
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
Affected configurations
Node
ibminvscout.rteRange≤2.2.0.18
ORibminvscout.rteMatch2.2.0.2
ORibminvscout.rteMatch2.2.0.4
ORibminvscout.rteMatch2.2.0.7
ORibminvscout.rteMatch2.2.0.8
ORibminvscout.rteMatch2.2.0.9
ORibminvscout.rteMatch2.2.0.10
ORibminvscout.rteMatch2.2.0.11
ORibminvscout.rteMatch2.2.0.12
ORibminvscout.rteMatch2.2.0.13
ORibminvscout.rteMatch2.2.0.14
ORibminvscout.rteMatch2.2.0.15
ORibminvscout.rteMatch2.2.0.17
ibmaixRange≤7.1
ORibmaixMatch5.3
ORibmaixMatch6.1
Related
nvd
nvd
CVE-2011-1384
2012-01-04 03:55:04
prion
prion
Design/Logic Flaw
2012-01-04 03:55:00
cvelist
cvelist
CVE-2011-1384
2012-01-04 02:00:00
nessus
nessus
IBM Inventory Scout < 2.2.0.19 Symlink Vulnerability
2014-05-12 00:00:00
4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:C/A:N
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2011-1384