CVE-2009-2543

Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allow remote attackers to bypass detection of malware via a modified (1) ZIP or (2) CAB archive, a related issue to CVE-2009-1240.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
http://www.securityfocus.com/archive/1/504987/100/0/threaded
http://www.securityfocus.com/archive/1/504992/100/0/threaded
http://www.securityfocus.com/archive/1/504995/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:proventia_desktop_endpoint_security::::::::
	cpe:2.3:a:ibm:proventia_network_mail_security_system::::::::
	cpe:2.3:a:ibm:proventia_network_mail_security_system_vitual_appliance::::::::
	cpe:2.3:a:ibm:proventia_network_multi-function_security::::::::

History

No history.

Information

Published : 2009-07-20 18:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-2543

Mitre link : CVE-2009-2543

CVE.ORG link : CVE-2009-2543

JSON object : View

Products Affected

ibm

proventia_network_mail_security_system
proventia_desktop_endpoint_security
proventia_network_multi-function_security
proventia_network_mail_security_system_vitual_appliance

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-2543", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-07-20T18:30:01.327", "references": [{"url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allow remote attackers to bypass detection of malware via a modified (1) ZIP or (2) CAB archive, a related issue to CVE-2009-1240."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en el motor de IBM Proventia v4.9.0.0.44 20081231, como el usuado por IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), y posiblemente otros productos, permite a atacantes remotos evitar la detecci\u00f3n de c\u00f3digo malicioso mediante un fichero (1) ZIP o (2) CAB modificado, siendo un asunto relacionado con CVE-2009-1240."}], "lastModified": "2018-10-10T19:40:44.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:proventia_desktop_endpoint_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B77F1551-5C37-4D5B-AC86-C2965083B93D"}, {"criteria": "cpe:2.3:a:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C520BF35-8406-44E3-8FC6-D8BD7242D13B"}, {"criteria": "cpe:2.3:a:ibm:proventia_network_mail_security_system_vitual_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C506960-F0F2-4724-96B5-75D3DD6FF54B"}, {"criteria": "cpe:2.3:a:ibm:proventia_network_multi-function_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E520803B-AC1A-40CA-8AE9-E41A8B9D6492"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}