Lucene search

K
cve[email protected]CVE-2007-4271
HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4271

2007-08-1821:17:00
CWE-22
web.nvd.nist.gov
24
cve
2007
4271
ibm
db2
udb
directory traversal
vulnerability
local users
arbitrary files
environment variable
symlink following

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a … (dot dot) in an unspecified environment variable, which is appended to “/tmp/” and used as a log file. NOTE: this issue might be related to symlink following.

Affected configurations

NVD
Node
ibmdb2_universal_databaseRange8.0fp14
OR
ibmdb2_universal_databaseRange9.1fp2

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%