CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.8%
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | informix_dynamic_server | 9.4 | cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 9.40.tc5 | cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 9.40.uc1 | cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 9.40.uc2 | cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 9.40.uc3 | cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 9.40.uc5 | cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 9.40.xc5 | cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 9.40.xc7 | cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc7:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 10.0 | cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:* |
ibm | informix_dynamic_server | 10.0.xc1 | cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:* |
secunia.com/advisories/21301
www-1.ibm.com/support/docview.wss?uid=swg21242921
www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
www.osvdb.org/27691
www.securityfocus.com/archive/1/443133/100/0/threaded
www.securityfocus.com/archive/1/443195/100/0/threaded
www.securityfocus.com/bid/19264
www.vupen.com/english/advisories/2006/3077
exchange.xforce.ibmcloud.com/vulnerabilities/28132