CVE-2011-1388

The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21576352	Patch Vendor Advisory
http://secunia.com/advisories/47310	Vendor Advisory
http://secunia.com/advisories/47286	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71694

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:.bbsoftware:bb_flashback:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:rational_rhapsody:7.5.2:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.1.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.2.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3.2:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.0.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3.1:::::::*
	cpe:2.3:a:ibm:rational_rhapsody::::::::
	cpe:2.3:a:ibm:rational_rhapsody:7.6:::::::*
	cpe:2.3:a:ibm:rational_rhapsody:7.5.3:::::::*

Information

Published : 2011-12-23 14:55

Updated : 2017-08-16 18:34

NVD link : CVE-2011-1388

Mitre link : CVE-2011-1388

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

ibm

rational_rhapsody

.bbsoftware

bb_flashback

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/47310", "name": "47310", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/47286", "name": "47286", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71694", "name": "rr-bcf-code-execution(71694)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1388", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-12-23T22:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:.bbsoftware:bb_flashback:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false, "versionEndIncluding": "7.6.0.1"}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_rhapsody:7.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:34Z"}