Lucene search
HistoryAug 28, 2008 - 5:41 p.m.
CVE-2008-3857
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.7
Confidence
Low
EPSS
0
Percentile
5.1%
The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.
Affected configurations
Node
ibmdb2_universal_databaseMatch9.1aix
ORibmdb2_universal_databaseMatch9.1hp_ux
ORibmdb2_universal_databaseMatch9.1linux
ORibmdb2_universal_databaseMatch9.1solaris
ORibmdb2_universal_databaseMatch9.1windows
ORibmdb2_universal_databaseMatch9.1fp2aix
ORibmdb2_universal_databaseMatch9.1fp2hp-ux
ORibmdb2_universal_databaseMatch9.1fp2linux
ORibmdb2_universal_databaseMatch9.1fp2solaris
ORibmdb2_universal_databaseMatch9.1fp2windows
ORibmdb2_universal_databaseMatch9.1fp3aix
ORibmdb2_universal_databaseMatch9.1fp3hp-ux
ORibmdb2_universal_databaseMatch9.1fp3linux
ORibmdb2_universal_databaseMatch9.1fp3solaris
ORibmdb2_universal_databaseMatch9.1fp3windows
ORibmdb2_universal_databaseMatch9.1fp4hp-ux
ORibmdb2_universal_databaseMatch9.1fp4solaris
ORibmdb2_universal_databaseMatch9.1fp4windows
ORibmdb2_universal_databaseMatch9.1fp4aaix
ORibmdb2_universal_databaseMatch9.1fp4ahp-ux
ORibmdb2_universal_databaseMatch9.1fp4alinux
ORibmdb2_universal_databaseMatch9.1fp4asolaris
ORibmdb2_universal_databaseMatch9.1fp4awindows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:*:aix:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:*:hp_ux:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:*:linux:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:*:solaris:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:*:windows:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:aix:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:hp-ux:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:linux:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:solaris:*:*:*:*:* |
| ibm | db2_universal_database | 9.1 | cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:windows:*:*:*:*:* |
Related
prion
prion
Default credentials
2008-08-28 17:41:00
cve
cve
CVE-2008-3857
2008-08-28 17:41:00
cvelist
cvelist
CVE-2008-3857
2008-08-28 17:00:00
nessus
nessus
IBM DB2 < 9 Fix Pack 5 Multiple Vulnerabilities
2008-06-10 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.7
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2008-3857