Описание
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
Ссылки
- PatchVendor Advisory
- ExploitVendor Advisory
- Patch
- ExploitPatch
- PatchVendor Advisory
- ExploitVendor Advisory
- Patch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc2:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00077
Низкий
3.6 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
EPSS
Процентиль: 23%
0.00077
Низкий
3.6 Low
CVSS2
Дефекты
NVD-CWE-Other