CVE-2011-1560

CWE-2553 documents3 sources
Severity
9.3CRITICAL
EPSS
0.7%
top 28.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Soliddb
Timeline
PublishedApr 5
Latest updateMay 17

Description

solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDibm/soliddb4.5.180+25

🔴Vulnerability Details

2
GHSA
GHSA-m9h2-f9w3-462f: solid2022-05-17
CVEList
CVE-2011-1560: solid2011-04-05
CVE-2011-1560 (CRITICAL CVSS 9.3) | solid.exe in IBM solidDB before 4.5 | cvebase.io