Arbitrary Code Execution Vulnerability in Iron Mountain Connected Backup 8.4

CVE-2011-2397 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.

Learn more about our Web Application Penetration Testing UK.