CVE-2006-3858
6.2 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.3%
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
References
secunia.com/advisories/21301
www-1.ibm.com/support/docview.wss?uid=swg21242921
www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
www.osvdb.org/27691
www.securityfocus.com/archive/1/443133/100/0/threaded
www.securityfocus.com/archive/1/443195/100/0/threaded
www.securityfocus.com/bid/19264
www.vupen.com/english/advisories/2006/3077
exchange.xforce.ibmcloud.com/vulnerabilities/28132
Related
6.2 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.3%