Lucene search

[email protected]CVE-2011-1391

HistoryDec 23, 2011 - 10:55 p.m.

CVE-2011-1391

2011-12-2322:55:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2011-1391

blueberry flashback

bb flashback

ibm rational rhapsody

arbitrary code execution

activex control

vulnerability

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.43 Medium

EPSS

Percentile

97.3%

JSON

The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors.

CPENameOperatorVersion
.bbsoftware:bb_flashback.bbsoftware bb flashbackeq*

CPE	Name	Operator	Version
.bbsoftware:bb_flashback	.bbsoftware bb flashback	eq	*

References

secunia.com/advisories/47286

secunia.com/advisories/47310

www-01.ibm.com/support/docview.wss?uid=swg21576352

exchange.xforce.ibmcloud.com/vulnerabilities/71803

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.43 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2011-1391

cvelist1 zdi1 prion1 securityvulns2 nessus2 openvas3 ibm1