Lucene search

[email protected]CVE-2008-4693

HistoryOct 22, 2008 - 6:00 p.m.

CVE-2008-4693

2008-10-2218:00:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm

db2

vulnerability

sort

list services

nvd

cve-2008-4693

8.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading “PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES.”

CPENameOperatorVersion
ibm:db2ibm db2eq9.1
ibm:db2ibm db2eq9.5

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.1
ibm:db2	ibm db2	eq	9.5

References

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT

secunia.com/advisories/32368

www-01.ibm.com/support/docview.wss?uid=swg1IZ23915

www-01.ibm.com/support/docview.wss?uid=swg1IZ28489

www-01.ibm.com/support/docview.wss?uid=swg27013892

www.vupen.com/english/advisories/2008/2893

exchange.xforce.ibmcloud.com/vulnerabilities/46022

8.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON

Related for CVE-2008-4693

cvelist1 prion1 nessus2 ibm1