Lucene search

K
ibmIBMD7003E42BBB90675047D51795AAEDACC95B4FFAA8765FB64E2392FFB56156EC7
HistoryJun 16, 2018 - 9:42 p.m.

Security Bulletin: InstallShield and InstallAnywhere vulnerabilities affect IBM Security Guardium Data Redaction (CVE-2016-2542)

2018-06-1621:42:54
www.ibm.com
10

0.0004 Low

EPSS

Percentile

5.1%

Summary

Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An attacker could exploit this vulnerability using a Trojan horse DLL in the current working directory of a setup-launcher executable file to gain elevated privileges on the system.

Vulnerability Details

CVEID: CVE-2016-2542**
DESCRIPTION:** Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An attacker could exploit this vulnerability using a Trojan horse DLL in the current working directory of a setup-launcher executable file to gain elevated privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110914&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

2.5.1

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Security Guardium Data Redaction 2.5.1 https://www-01.ibm.com/software/passportadvantage/pao_customer.html

Workarounds and Mitigations

This is an installation modification - existing deployments are not required to be reinstalled; Old installation can be also used from within an empty directory

0.0004 Low

EPSS

Percentile

5.1%

Related for D7003E42BBB90675047D51795AAEDACC95B4FFAA8765FB64E2392FFB56156EC7