Lucene search

PRIOn knowledge basePRION:CVE-2008-4693

HistoryOct 22, 2008 - 6:00 p.m.

Design/Logic Flaw

2008-10-2218:00:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading “PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES.”

CPENameOperatorVersion
db2eq9.1 fp4
db2eq9.5
db2eq9.1 fp1
db2eq9.1
db2eq9.1 fp3
db2eq9.1 fp3a
db2le9.1
db2eq9.1 fp2
db2le9.5
db2eq9.1 fp4a

Name	Operator	Version
db2	eq	9.1 fp4
db2	eq	9.5
db2	eq	9.1 fp1
db2	eq	9.1
db2	eq	9.1 fp3
db2	eq	9.1 fp3a
db2	le	9.1
db2	eq	9.1 fp2
db2	le	9.5
db2	eq	9.1 fp4a

References

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT

secunia.com/advisories/32368

www-01.ibm.com/support/docview.wss?uid=swg1IZ23915

www-01.ibm.com/support/docview.wss?uid=swg1IZ28489

www-01.ibm.com/support/docview.wss?uid=swg27013892

www.vupen.com/english/advisories/2008/2893

exchange.xforce.ibmcloud.com/vulnerabilities/46022

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON

Related for PRION:CVE-2008-4693