Flexera InstallAnywhere has a security vulnerability that could be exploited in IBM eDiscovery Manager.
CVEID: CVE-2016-4560
DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An attacker could exploit this vulnerability using a Trojan horse DLL in the current working directory of a setup-launcher executable file to gain elevated privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113016 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
IBM eDiscovery Manager 2.2
IBM eDiscovery Manager 2.2.1
IBM eDiscovery Manager 2.2.2
Install the fix pack by running the installation wizard or by running a silent installation.
To avoid an untrusted search path vulnerability where users could gain increased privileges, perform the following additional steps:
1. Clear all contents (files, subdirectories, etc.) of your default download directory/location, if any.
2. Create a new secure directory in a temporary location (such that elevated privileges are required to access this directory).
3. Copy/extract the setup.exe executable to the secure directory created in Step 2.
4. Launch the executable from the secure directory and wait until it completes.
Important: Do not enter line breaks in the command that you enter to start the installation program.
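The additional steps above can be scripted from an elevated PowerShell prompt. This is an added example, not IBM's or Flexera's own code; the download path, the directory under %SystemRoot%\Temp and the choice to report stray DLLs rather than delete them are assumptions.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumed locations; adjust both to your environment.
    [string]$InstallerSource = "$env:USERPROFILE\Downloads\setup.exe",
    [string]$SecureDir = (Join-Path $env:SystemRoot ("Temp\edm-fix-" + [guid]::NewGuid().ToString('N')))
)
$ErrorActionPreference = 'Stop'
$allowed = 'S-1-5-32-544', 'S-1-5-18'   # BUILTIN\Administrators, NT AUTHORITY\SYSTEM

# Step 1 (report only): DLLs beside the download are what the untrusted
# search path would load, so flag them instead of deleting anything.
$stray = Get-ChildItem -LiteralPath (Split-Path $InstallerSource -Parent) -Filter *.dll -File -Force
if ($stray) { Write-Warning ("DLLs beside the download: " + ($stray.Name -join ', ')) }

# Step 2: new directory, inheritance off, only the two allowed principals.
New-Item -ItemType Directory -Path $SecureDir | Out-Null
$acl = Get-Acl -LiteralPath $SecureDir
$acl.SetAccessRuleProtection($true, $false)   # protect the DACL, drop inherited ACEs
foreach ($sid in $allowed) {
    $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $SecureDir -AclObject $acl

# Re-read the ACL and refuse to continue if any other principal has an entry.
$bad = (Get-Acl -LiteralPath $SecureDir).Access | Where-Object {
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -notin $allowed
}
if ($bad) { throw ("Unexpected ACL entries on ${SecureDir}: " + ($bad.IdentityReference -join ', ')) }

# Step 3: copy the installer, then confirm it is the only file present
# (covers the short window before the ACL was tightened).
$exe = Join-Path $SecureDir 'setup.exe'
Copy-Item -LiteralPath $InstallerSource -Destination $exe
$extra = Get-ChildItem -LiteralPath $SecureDir -Force | Where-Object { $_.Name -ne 'setup.exe' }
if ($extra) { throw ("Unexpected files in ${SecureDir}: " + ($extra.Name -join ', ')) }

# Step 4: launch with the working directory set to the secure directory
# and wait until the installer completes.
Start-Process -FilePath $exe -WorkingDirectory $SecureDir -Wait
```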
CPE Name | Operator | Version |
---|---|---|
ediscovery manager | eq | 2.2.2 |
ediscovery manager | eq | 2.2.1 |
ediscovery manager | eq | 2.2 |