CVE-2004-2319: IBM Informix Dynamic Server vulnerability

3 documents, 3 sources

Severity: 3.6 LOW (NVD)
EPSS: 0.1% (top 77.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 31; Latest update Apr 29

Description

IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.

CVSS vector

AV:L/AC:L/C:P/I:P/A:N
Exploitability: 3.9 | Impact: 4.9

Affected Packages (2 packages)

NVD | ibm/informix_dynamic_server | 9.40.uc1, 9.40.uc2 +1
NVD | ibm/informix_extended_parallel_server | 8.40_uc1, 8.40_uc2 +1

Patches

Vulnerability Details (2)

GHSA | GHSA-qgfr-6gfj-7gg6: IBM Informix Dynamic Server (IDS) before 9 | 2022-04-29
CVEList | CVE-2004-2319: IBM Informix Dynamic Server (IDS) before 9 | 2005-08-16