10

CVE-2010-2771

solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet.

Data is provided by the National Vulnerability Database (NVD)
IbmSoliddb Version <= 6.5.0.1
IbmSoliddb Version4.5.167
IbmSoliddb Version4.5.168
IbmSoliddb Version4.5.169
IbmSoliddb Version4.5.173
IbmSoliddb Version4.5.175
IbmSoliddb Version4.5.176
IbmSoliddb Version4.5.178
IbmSoliddb Version06.00.1018
IbmSoliddb Version6.0.1060
IbmSoliddb Version6.0.1061
IbmSoliddb Version6.0.1064
IbmSoliddb Version6.0.1065
IbmSoliddb Version6.0.1066
IbmSoliddb Version6.1
IbmSoliddb Version6.1.20
IbmSoliddb Version6.3.33
IbmSoliddb Version6.3.37
IbmSoliddb Version6.5.0.0
IbmSoliddb Version6.30.0039
IbmSoliddb Version6.30.0040
IbmSoliddb Version6.30.0044
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 8.46% 0.915
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.