CVE-2015-7442

Published: Jan 2, 2016Modified: May 6, 2026

7.0

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.

Affected (12)

Products: Ibm: Installation Manager, Packaging Utility

Ibm

2 products

Installation Manager

Packaging Utility

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Ibm Installation Manager	Version 1.7.4.3
Ibm Installation Manager	Version 1.8.0.0
Ibm Installation Manager	Version 1.8.1.0
Ibm Installation Manager	Version 1.8.2.0
Ibm Installation Manager	Version 1.8.2.1
Ibm Installation Manager	Version 1.8.3.0
Ibm Packaging Utility	Up to 1.7.4.3
Ibm Packaging Utility	Version 1.8.0.0
Ibm Packaging Utility	Version 1.8.1.0
Ibm Packaging Utility	Version 1.8.2.0
Ibm Packaging Utility	Version 1.8.2.1
Ibm Packaging Utility	Version 1.8.3.0

Related CWEs

CWE-264

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21971295

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/77558

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21971295

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/77558

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.