CVE-2016-5934

{"id": "CVE-2016-5934", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2017-02-08T22:59:00.637", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg21988908", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/92614", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim."}, {"lang": "es", "value": "El instalador IBM Tivoli Storage Manager FastBack podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario en el sistema. Al colocar una DLL especialmente manipulada en el camino de la v\u00edctima, un atacante podr\u00eda explotar esta vulnerabilidad cuando el instalador se ejecuta para ejecutar c\u00f3digo arbitrario en el sistema con privilegios de la v\u00edctima."}], "lastModified": "2017-02-15T13:39:26.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_fastback:*:*:*:*:demo:*:*:*", "vulnerable": true, "matchCriteriaId": "B30ED7B4-7A0B-4461-A0F4-478D8721512F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}