← Back

CVE-2017-1720

nvd nist
Published: Feb 13, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.8 / Impact: 3.4
Source: NVD

Description

IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.

Affected (10)

Ibm
2 products
Notes
Client Application Access
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Notes
Version 8.5.0.0
Notes
Version 8.5.1.0
Notes
Version 8.5.2.0
Notes
Version 8.5.3.0
Notes
Version 9.0.0.0
Notes
Version 9.0.1.0
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Client Application Access
Version 1.0.1.0
Client Application Access
Version 1.0.1.1
Client Application Access
Version 1.0.1.1 interim_fix_1
Client Application Access
Version 1.0.1.2 interim_fix_1

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (6)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.