{"containers": {"cna": {"affected": [{"product": "Security Identity Governance and Intelligence", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.2"}, {"status": "affected", "version": "5.2.1"}, {"status": "affected", "version": "5.2.2"}, {"status": "affected", "version": "5.2.2.1"}, {"status": "affected", "version": "5.2.3"}, {"status": "affected", "version": "5.2.3.1"}, {"status": "affected", "version": "5.2.3.2"}]}], "datePublic": "2018-08-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:H/S:U/UI:R/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-06T13:57:01.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-sig-cve20171755-command-injection(135855)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135855"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-08-01T00:00:00", "ID": "CVE-2017-1755", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Security Identity Governance and Intelligence", "version": {"version_data": [{"version_value": "5.2"}, {"version_value": "5.2.1"}, {"version_value": "5.2.2"}, {"version_value": "5.2.2.1"}, {"version_value": "5.2.3"}, {"version_value": "5.2.3.1"}, {"version_value": "5.2.3.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "H", "S": "U", "UI": "R"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "ibm-sig-cve20171755-command-injection(135855)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135855"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:39:32.311Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-sig-cve20171755-command-injection(135855)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135855"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1755", "datePublished": "2018-08-06T14:00:00.000Z", "dateReserved": "2016-11-30T00:00:00.000Z", "dateUpdated": "2024-09-16T20:27:52.189Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "21A3FF17-CA69-4AD0-9E2F-08EF894E4707", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F8B59F0-C465-476F-9775-09D411D9C019", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CDADC801-315E-4B7F-8464-CEFC6934A657", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6ACF2C48-1490-4114-84D3-94F13D2375AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1DBF441F-7F14-4626-B705-8E422BAE4348", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A5F964B-B22B-43F0-9B2D-F3FB3C0EF0B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F7911BA-F5BF-44FD-A377-0B25EAFC2930", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855."}, {"lang": "es", "value": "IBM Security Identity Governance Virtual Appliance desde la versi\u00f3n 5.2 hasta la 5.2.3.2 podr\u00eda permitir que un atacante local inyecte comandos en archivos maliciosos que podr\u00edan ser ejecutados por el administrador. IBM X-Force ID: 135855."}], "id": "CVE-2017-1755", "lastModified": "2024-11-21T03:22:19.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-06T14:29:00.560", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135855"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}