CVE-2006-3860

EPSS 3.2%
Published 17.08.2006 01:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Informix Dynamic Database Server Version7.3

Ibm ≫ Informix Dynamic Database Server Version7.31_.xd8

Ibm ≫ Informix Dynamic Database Server Version9.4

Ibm ≫ Informix Dynamic Database Server Version9.40.tc5

Ibm ≫ Informix Dynamic Database Server Version9.40.uc1

Ibm ≫ Informix Dynamic Database Server Version9.40.uc2

Ibm ≫ Informix Dynamic Database Server Version9.40.uc3

Ibm ≫ Informix Dynamic Database Server Version9.40.uc5

Ibm ≫ Informix Dynamic Database Server Version9.40.xc7

Ibm ≫ Informix Dynamic Database Server Version10.0

Ibm ≫ Informix Dynamic Database Server Version10.0_xc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.2%	0.865

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/21301

Vendor Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg21242921

http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

http://www.securityfocus.com/archive/1/443133/100/0/threaded

http://www.securityfocus.com/bid/19264

http://www.vupen.com/english/advisories/2006/3077

http://securityreason.com/securityalert/1407

http://www.osvdb.org/27686

http://www.securityfocus.com/archive/1/443185/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/28121

https://exchange.xforce.ibmcloud.com/vulnerabilities/28124

https://nvd.nist.gov/vuln/detail/CVE-2006-3860

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3860

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3860

EUVD