IBME8630190EFF0FB4DD14B333C87926C16D0DA3AAF412DEFEFDAF8FD1EB5B6A9F6Security Bulletin: Vulnerability in Install of Informix Dynamic Server on Windows (CVE-2016-0226)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
51.0%
Summary
IBM Informix Dynamic Server, Windows Client, is vulnerable to a privilege escalation attack.
Vulnerability Details
**CVEID:**CVEID: CVE-2016-0226
DESCRIPTION: Windows client installations of IBM Informix Dynamic Server could allow a local user to gain privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110087 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM Informix Dynamic Server v 11.70.xCn (Windows)
Remediation/Fixes
Affected Version
| Fix
—|—
IBM Informix Dynamic Server v 11.70.xCn (Windows)| Fix Central
Workarounds and Mitigations
Refer to README. Fix Central
| CPE | Name | Operator | Version |
|---|---|---|---|
| informix servers | eq | 11.7 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
51.0%