Lucene search

[email protected]CVE-2008-4693

HistoryOct 22, 2008 - 6:00 p.m.

CVE-2008-4693

2008-10-2218:00:01

CWE-200

[email protected]

web.nvd.nist.gov

ibm

db2

vulnerability

sort

list services

nvd

cve-2008-4693

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading “PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES.”

Affected configurations

NVD

Node

ibmdb2Range≤9.1fp5

ibmdb2Range≤9.5fp1

ibmdb2Match9.1

ibmdb2Match9.1fp1

ibmdb2Match9.1fp2

ibmdb2Match9.1fp3

ibmdb2Match9.1fp3a

ibmdb2Match9.1fp4

ibmdb2Match9.1fp4a

ibmdb2Match9.5

CPENameOperatorVersion
ibm:db2ibm db2le9.1
ibm:db2ibm db2le9.5

CPE	Name	Operator	Version
ibm:db2	ibm db2	le	9.1
ibm:db2	ibm db2	le	9.5

References

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT

secunia.com/advisories/32368

www-01.ibm.com/support/docview.wss?uid=swg1IZ23915

www-01.ibm.com/support/docview.wss?uid=swg1IZ28489

www-01.ibm.com/support/docview.wss?uid=swg27013892

www.vupen.com/english/advisories/2008/2893

exchange.xforce.ibmcloud.com/vulnerabilities/46022

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2008-4693

nvd1 prion1 cvelist1 nessus2 ibm1