CVE-2012-0204 - OpenCVE

Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Infosphere Import Export Manager Infosphere Information Server Infosphere Information Server Metabrokers \& Bridges

Configuration 1 [-]

OR	cpe:2.3:a:ibm:infosphere_import_export_manager:8.1:::::::*
	cpe:2.3:a:ibm:infosphere_import_export_manager:8.1.1:::::::*
	cpe:2.3:a:ibm:infosphere_import_export_manager:8.1.2:::::::*
	cpe:2.3:a:ibm:infosphere_import_export_manager:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_import_export_manager:8.7:::::::*
	cpe:2.3:a:ibm:infosphere_import_export_manager:9.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:9.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server_metabrokers_\&_bridges:-:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21623501
https://exchange.xforce.ibmcloud.com/vulnerabilities/73255

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-01-31T11:00:00

Updated: 2024-08-06T18:16:19.324Z

Reserved: 2011-12-14T00:00:00

Link: CVE-2012-0204

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-01-31T12:06:17.707

Modified: 2017-08-29T01:30:52.320

Link: CVE-2012-0204

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "infosphere-is-dll-code-execution(73255)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73255"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "infosphere-is-dll-code-execution(73255)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73255"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:16:19.324Z"}, "title": "CVE Program Container", "references": [{"name": "infosphere-is-dll-code-execution(73255)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73255"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0204", "datePublished": "2013-01-31T11:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-06T18:16:19.324Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_import_export_manager:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A85A0D3-1941-4F6B-8787-286A009440DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_import_export_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "915337FC-0BFD-44FB-A7D2-765E1422DD4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_import_export_manager:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "276EFD18-CD4A-4F1A-AAF2-953F22B075DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_import_export_manager:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "8DEC85B5-BFB8-4B07-8F63-0752C94E58FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_import_export_manager:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "27BE8D08-C377-4248-ADB7-69962F5D2C3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_import_export_manager:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E47D3B91-D36A-4F16-9874-41376887B6D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "317FAE67-76E2-4084-9393-8A02D255BAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D547E88D-FE3F-4C90-B7D8-301A1449E9AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server_metabrokers_\\&_bridges:-:*:*:*:*:*:*:*", "matchCriteriaId": "81D571DC-7829-4F9C-A959-36E586B4C7C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable en el Import Export Manager v8.1 hasta v9.1 en InfoSphere Information Server MetaBrokers & Bridges (MBB) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, v8.7, y v9.1 permite a usuarios locales ganar privielgios mediante un troyano DLL en el directorio actual de trabajo."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426 Untrusted Search Path'", "evaluatorImpact": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21623501\r\n\r\n\"CVSS Base Score: 9.3 / CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)\r\n\r\na malicious user who has access to a machine with the Import Export Manager installed could execute arbitrary commands in the context of any user who accesses the Import Export Manager application. \"", "id": "CVE-2012-0204", "lastModified": "2017-08-29T01:30:52.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-01-31T12:06:17.707", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73255"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}