CVE-2008-0369 — IBM Informix Dynamic Server vulnerability

4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 83.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Informix Dynamic Server

Timeline

PublishedJan 19

Latest updateMay 1

Description

Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/informix_dynamic_server10.00

🔴Vulnerability Details

GHSA

GHSA-8hjg-x6x2-q33f: Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10↗2022-05-01

▶

CVEList

CVE-2008-0369: Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10↗2008-01-18

▶

💬Community

Bugzilla

CVE-2008-5340 Java WebStart privilege escalation↗2008-12-05

▶