Security Bulletin: InstallAnywhere generates installation executables which are vulnerable to a DLL-planting vulnerability (CVE-2016-4560)

Summary Flexera InstallAnywhere, shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center, could allow a local attacker to gain elevated privileges on the system by using a Trojan horse DLL in the current working directory of a setup-launcher. Vulnerability Details CVEID:...

Security Bulletin: IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack (CVE-2016-4560)

Summary IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack under certain conditions. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a remote attacker to execute arbitrary code on the system. The application does not direct...

Security Bulletin: IBM WebSphere Installer used by WebSphere Message Broker, IBM Integration Bus, IBM Integration Bus Healthcare Pack, Manufacturing Pack, and Retail Pack is susceptible to DLL-planting vulnerability (CVE-2016-4560)

Summary The Windows graphical user interface installer setup.exe used by WebSphere Message Broker, IBM Integration Bus, IBM Integration Bus Healthcare Pack, IBM Integration Bus Manufacturing Pack, and IBM Integration Bus Retail Pack, is susceptible to a DLL-planting vulnerability, where a malicio...

Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2016-4560

Summary IBM SDK for Node.js installation executables on the Windows platform are affected by CVE-2016-4560 Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An...

Security Bulletin: Various IBM WebSphere MQ Installers are susceptible to DLL-planting vulnerabilities (CVE-2016-2542 & CVE-2016-4560)

Summary Various IBM WebSphere MQ graphical user interface installers are susceptible to a DLL-planting vulnerability where a malicious DLL, that is present in the Windows search path, could be loaded by the operating system in place of the genuine file. The vulnerability affects Windows executabl...

Security Bulletin: Vulnerability in InstallAnywhere affects IBM Tivoli Storage Manager Administration Center (CVE-2016-4560)

Summary InstallAnywhere generates installation executables which are vulnerable to a DLL-planting that affects IBM Tivoli Storage Manager Administration Center on Windows platforms. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gai...

Security Bulletin: Vulnerability in Flexera InstallAnywhere affects IBM eDiscovery Analyzer (CVE-2016-4560)

Summary Flexera InstallAnywhere has a security vulnerability that could be exploited in IBM eDiscovery Analyzer. Vulnerability Details CVEID:CVE-2016-4560 DESCRIPTION:Flexera InstallAnywhere could allow a remote attacker to execute arbitrary code on the system. The application does not directly...

Security Bulletin: Vulnerability in InstallAnywhere affects IBM Content Collector for SAP Applications on Microsoft Windows (CVE-2016-4560)

Summary IBM Content Collector for SAP Applications on Microsoft Windows is affected by a vulnerability caused by InstallAnywhere. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an...

Security Bulletin: InstallAnywhere DLL-planting vulnerability affects IBM Case Manager installers (CVE-2016-4560)

Summary InstallAnywhere generates installation executables that are vulnerable to a DLL-planting vulnerability Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path...

Security Bulletin: Installer vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation, and FileNet BPM (CVE-2016-4560)

Summary InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...

Security Bulletin: Vulnerability in InstallShield/InstallAnywhere affects IBM Informix CSDK and Server installation on Windows(CVE-2016-2542, CVE-2016-4560)

Summary InstallShield/installAnywhere generates installation executables which are vulnerable to a DLL-planting affecting the installation of IBM Informix CSDK and Dynamic Server on Windows. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a local attacker...

CVE-2016-4560

CVE-2016-4560 is a DLL‑planting vulnerability in Flexera InstallAnywhere used by multiple IBM products. Attackers could place a Trojan horse DLL in the current working directory of a setup-launcher executable to gain elevated privileges through an untrusted search path. The commonly cited CVSS ve...