CVE-2006-5663 — IBM Informix Client SDK vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 83.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Informix Client SDK IBM Informix Dynamic Server IBM Informix I-connect

Timeline

PublishedNov 3

Latest updateMay 1

Description

IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶NVDibm/informix_dynamic_server10.00

▶NVDibm/informix_i-connect2.90

▶NVDibm/informix_client_sdk2.90

Patches

Patch: secunia.com ↗Patch: www-1.ibm.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-c377-qq6h-g89j: IBM Informix Dynamic Server 10↗2022-05-01

▶

CVEList

CVE-2006-5663: IBM Informix Dynamic Server 10↗2006-11-03

▶