Ironmountain: Security Vulnerabilities
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection.This issue affects enVision: before 250563.
CVSS Score
10.0
EPSS Score
0.004
Published
2025-09-23
The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.
CVSS Score
10.0
EPSS Score
0.047
Published
2011-12-05