CVE-2011-2397

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
05/12/2011
Last modified:
11/04/2025

Description

The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ironmountain:connected_backup:8.4:*:*:*:*:*:*:*