IBM Content Manager Enterprise Edition update for Flexera InstallShield
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-2542 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Content Manager Enterprise Edition Web applications / CMS |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU40450
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2542
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file. CWE-426: Untrusted Search Path - http://cwe.mitre.org/data/definitions/426.html
MitigationInstall update from vendor's website.
Vulnerable software versionsContent Manager Enterprise Edition: before 8.4.3.5
External linkshttp://www.ibm.com/support/pages/node/277527
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
