CVE-2011-1384

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:N/I:C/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
ibminvscout.rte
𝑥
≤ 2.2.0.18
ibminvscout.rte
2.2.0.2
ibminvscout.rte
2.2.0.4
ibminvscout.rte
2.2.0.7
ibminvscout.rte
2.2.0.8
ibminvscout.rte
2.2.0.9
ibminvscout.rte
2.2.0.10
ibminvscout.rte
2.2.0.11
ibminvscout.rte
2.2.0.12
ibminvscout.rte
2.2.0.13
ibminvscout.rte
2.2.0.14
ibminvscout.rte
2.2.0.15
ibminvscout.rte
2.2.0.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc
http://secunia.com/advisories/47222
http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
http://www.securityfocus.com/bid/51059
http://www.securityfocus.com/bid/51083
https://exchange.xforce.ibmcloud.com/vulnerabilities/71615
http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc
http://secunia.com/advisories/47222
http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
http://www.securityfocus.com/bid/51059
http://www.securityfocus.com/bid/51083
https://exchange.xforce.ibmcloud.com/vulnerabilities/71615