Published:2026/03/17 Last Updated:2026/03/17
JVN#96706146
Installer for IBM Trusteer Rapport may insecurely load Dynamic Link Libraries
Overview
The installer for IBM Trusteer Rapport provided by IBM may insecurely load Dynamic Link Libraries.
Products Affected
- IBM Trusteer Rapport installer version 3.5.2309.290
Description
The installer for IBM Trusteer Rapport provided by IBM contains the following vulnerability.
- Uncontrolled search path element (CWE-427)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2026-2713
Impact
Arbitrary code may be executed with the administrator privilege when the installer is executed.
Solution
Use the latest installer
Use the latest installer provided by the developer.
For more information, refer to the information provided by the developer.
Vendor Status
References
-
Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
|
| JVN iPedia |
JVNDB-2026-000038 |