CVE-2007-4669 — Sensitive Information Exposure in Firebird

CWE-200 — Sensitive Information Exposure CWE-2643 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 40.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Firebirdsql Firebird

Timeline

PublishedSep 4

Latest updateMay 1

Description

The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfirebirdsql/firebird2.0.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-953w-v856-4gqv: The Services API in Firebird before 2↗2022-05-01

▶

CVEList

CVE-2007-4669: The Services API in Firebird before 2↗2007-09-04

▶