CVE-2016-0226 — Improper Access Control in IBM Informix Dynamic Server

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 88.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Informix Dynamic Server

Timeline

PublishedMar 28

Latest updateMay 17

Description

The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDibm/informix_dynamic_server11.70.xcn

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-c268-c5mw-v8g9: The client implementation in IBM Informix Dynamic Server 11↗2022-05-17

▶

CVEList

CVE-2016-0226: The client implementation in IBM Informix Dynamic Server 11↗2016-03-28

▶