CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-0868

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://marc.info/?l=bugtraq&m=111160242803070&w=2
http://www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf
http://marc.info/?l=bugtraq&m=111160242803070&w=2
http://www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf

Products affected by CVE-2005-0868

Bosanova » Launcher400 » Version: Any

cpe:2.3:a:bosanova:launcher400:*
Ibm » Client Access » Version: N/A

cpe:2.3:a:ibm:client_access:-
Mochasoft » Tn5250 » Version: Any

cpe:2.3:a:mochasoft:tn5250:*
Powerterm » Interconnect » Version: Any

cpe:2.3:a:powerterm:interconnect:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-0868

Products

Pricing

Contact Us