CVE-2008-3857

Опубликовано: 28 авг. 2008

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:db2_universal_database:9.1:*:aix:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:*:hp_ux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:*:linux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:*:solaris:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:*:windows:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:aix:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:hp-ux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:linux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:solaris:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:windows:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:aix:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:hp-ux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:linux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:solaris:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:windows:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:hp-ux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:solaris:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:windows:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:aix:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:hp-ux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:linux:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:solaris:*:*:*:*:*

cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:windows:*:*:*:*:*

EPSS

Процентиль: 19%

0.00059

Низкий

4.6 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-8vc3-xjw8-wgr3

github

почти 4 года назад