IBM.Installation.Manager.URI.Argument.Injection

description-logoDescription

This indicates an attack attempt against a Argument Injection vulnerability in IBM Installation Manager.
The vulnerability is caused by an error when the vulnerable software handles a malicious "iim:" URI handler. It allows a remote attacker to load arbitrary DLL from UNC share via sending a crafted web page.

affected-products-logoAffected Products

IBM Installation Manager 1.3.2 and earlier

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the version 1.3.3.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-09-10 16.921 Sig Added