Vulnerability Details : CVE-2005-4868
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
Vulnerability category: BypassDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2005-4868
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 7 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-4868
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
1.8
|
5.2
|
NIST |
CWE ids for CVE-2005-4868
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-4868
-
http://marc.info/?l=bugtraq&m=110495402231836&w=2
'IBM DB2 Windows Permission Problems (#NISR05012005F)' - MARCMailing List
-
http://www-1.ibm.com/support/docview.wss?uid=swg21181228
IBM notice: The page you requested cannot be displayedBroken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17605
IBM DB2 Everyone Group gain unauthorized access CVE-2005-4868 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.nextgenss.com/advisories/db205012005F.txt
Not Applicable
-
http://secunia.com/advisories/12733/
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://www.securityfocus.com/bid/11402
Broken Link;Patch;Third Party Advisory;VDB Entry
Products affected by CVE-2005-4868
- cpe:2.3:a:ibm:db2_universal_database:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_universal_database:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_universal_database:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_universal_database:8.1:*:*:*:*:*:*:*