Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4868Incorrect Permission Assignment in IBM DB2 Universal Database

CWE-732Incorrect Permission AssignmentCWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 66.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM DB2 Universal Database
Timeline
PublishedDec 31
Latest updateMay 1

Description

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

NVDibm/db2_universal_database4 versions+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-f24p-3hqr-7g3q: Shared memory sections and events in IBM DB2 82022-05-01
CVEList
CVE-2005-4868: Shared memory sections and events in IBM DB2 82007-10-06

💥Exploits & PoCs

1
Exploit-DB
IBM DB2 - Universal Database Information Disclosure2004-09-01
CVE-2005-4868 — Incorrect Permission Assignment in IBM | cvebase