PT-2011-3825 · Iron Mountain · Iron Mountain Connected Backup

Published

2011-12-01

Updated

2017-08-29

CVE-2011-2397

CVSS v2.0

10

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Iron Mountain Connected Backup version 8.4

Description

The issue allows remote attackers to execute arbitrary code via a crafted request. This is achieved by triggering the use of a specific class to send request data to the System.getRunTime.exec method.

Recommendations

For Iron Mountain Connected Backup version 8.4, consider disabling the LaunchCompoundFileAnalyzer class as a temporary workaround until a patch is available. Restrict access to the System.getRunTime.exec method to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2011-2397
ZDI-11-339

Affected Products

Iron Mountain Connected Backup