Vulnerabilities > CVE-2012-0204 - Unspecified vulnerability in IBM products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

ibm

critical

NVD

Published: 2013-01-31

Updated: 2017-08-29

Summary

Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21623501 "CVSS Base Score: 9.3 / CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) a malicious user who has access to a machine with the Import Export Manager installed could execute arbitrary commands in the context of any user who accesses the Import Export Manager application. " Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Infosphere Import Export Manager 8.1 IBM Infosphere Import Export Manager 8.1.1 IBM Infosphere Import Export Manager 8.1.2 IBM Infosphere Import Export Manager 8.5 IBM Infosphere Import Export Manager 8.7 IBM Infosphere Import Export Manager 9.1 IBM Infosphere Information Server 8.1 IBM Infosphere Information Server 8.5 IBM Infosphere Information Server 8.5.0.1 IBM Infosphere Information Server 8.5.0.2 IBM Infosphere Information Server 8.7 IBM Infosphere Information Server 9.1 IBM Infosphere Information Server Metabrokers & Bridges -	13

Summary

Vulnerable Configurations

References