CVE-2011-2397
Iron Mountain Connected Backup 8.4 - Remote Code Execution via Opcode 13 Request
Title source: llmDescription
The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-339/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71602
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/77495
Scores
EPSS
0.0552
EPSS Percentile
91.9%
Details
CWE
CWE-20
Status
published
Products (1)
ironmountain/connected_backup
8.4
Published
Dec 05, 2011
Tracked Since
Feb 18, 2026