CVE-2005-4868

moderate-risk

Published 2005-12-31

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

Do I need to act?

0.14% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

24678

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.1/10 High

LOCAL / LOW complexity

Affected Products (4)

Db2 Universal Database

Affected Vendors

Ibm

References (12)

Mailing List http://marc.info/?l=bugtraq&m=110495402231836&w=2

Broken Link http://secunia.com/advisories/12733/

Broken Link http://www-1.ibm.com/support/docview.wss?uid=swg21181228

Not Applicable http://www.nextgenss.com/advisories/db205012005F.txt

Broken Link http://www.securityfocus.com/bid/11402

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/17605

Mailing List http://marc.info/?l=bugtraq&m=110495402231836&w=2

Broken Link http://secunia.com/advisories/12733/

Broken Link http://www-1.ibm.com/support/docview.wss?uid=swg21181228

Not Applicable http://www.nextgenss.com/advisories/db205012005F.txt

Broken Link http://www.securityfocus.com/bid/11402

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/17605

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 8/34 · Low

Exposure 10/34 · Low