CVE-2026-2713

IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7263031	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:trusteer_rapport:3.5.2309.290:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

02 Apr 2026, 13:13

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:trusteer_rapport:3.5.2309.290:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:apple:macos:-:::::::*
First Time		Ibm trusteer Rapport Microsoft Microsoft windows Apple macos Apple Ibm
References	~~() https://www.ibm.com/support/pages/node/7263031 -~~	() https://www.ibm.com/support/pages/node/7263031 - Vendor Advisory

11 Mar 2026, 13:52

Type	Values Removed	Values Added
Summary		(es) IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport podría permitir a un atacante local ejecutar código arbitrario en el sistema, causado por una vulnerabilidad de elemento de ruta de búsqueda no controlada de DLL. Al colocar un archivo especialmente diseñado en una carpeta comprometida, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema.

10 Mar 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 20:16

Updated : 2026-04-02 13:13

NVD link : CVE-2026-2713

Mitre link : CVE-2026-2713

CVE.ORG link : CVE-2026-2713

JSON object : View

Products Affected

ibm

trusteer_rapport

microsoft

windows

apple

macos

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2026-2713", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-03-10T20:16:39.930", "references": [{"url": "https://www.ibm.com/support/pages/node/7263031", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system."}, {"lang": "es", "value": "IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario en el sistema, causado por una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada de DLL. Al colocar un archivo especialmente dise\u00f1ado en una carpeta comprometida, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema."}], "lastModified": "2026-04-02T13:13:36.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:trusteer_rapport:3.5.2309.290:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "471113FB-3A15-4E76-AEFF-A4FEF93F3C8F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}