CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
87.7%
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) “SET DEBUG FILE” SQL command, and the (2) start_onpload and (3) dbexp functions.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | informix_dynamic_database_server | 7.3 | cpe:2.3:a:ibm:informix_dynamic_database_server:7.3:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 7.31_.xd8 | cpe:2.3:a:ibm:informix_dynamic_database_server:7.31_.xd8:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 9.4 | cpe:2.3:a:ibm:informix_dynamic_database_server:9.4:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 9.40.tc5 | cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 9.40.uc1 | cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 9.40.uc2 | cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 9.40.uc3 | cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 9.40.uc5 | cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc5:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 9.40.xc7 | cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.xc7:*:*:*:*:*:*:* |
ibm | informix_dynamic_database_server | 10.0 | cpe:2.3:a:ibm:informix_dynamic_database_server:10.0:*:*:*:*:*:*:* |
secunia.com/advisories/21301
securityreason.com/securityalert/1407
www-1.ibm.com/support/docview.wss?uid=swg21242921
www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
www.osvdb.org/27686
www.securityfocus.com/archive/1/443133/100/0/threaded
www.securityfocus.com/archive/1/443185/100/0/threaded
www.securityfocus.com/bid/19264
www.vupen.com/english/advisories/2006/3077
exchange.xforce.ibmcloud.com/vulnerabilities/28121
exchange.xforce.ibmcloud.com/vulnerabilities/28124