CVE-2011-1560

Current Description

solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.

Basic Data

Published: April 05, 2011
Last Modified: August 17, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-255
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
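    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ibm | Soliddb | 4.5.167 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 4.5.168 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 4.5.169 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 4.5.173 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 4.5.175 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 4.5.176 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 4.5.178 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 4.5.179 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | * | * | * | * | * | * | * | * | | 4.5.180 | | |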
  • OR - Configuration 2
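    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ibm | Soliddb | 6.0.1060 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.0.1061 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.0.1064 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.0.1065 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.0.1066 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.1.18 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.1.20 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.3.33 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.3.37 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.3.38 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.5.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.5.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.5.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.30.0039 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.30.0040 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Soliddb | 6.30.0044 | * | * | * | * | * | * | * | | | | |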

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Ibm | Soliddb | *, 4.5.167, 4.5.168, 4.5.169, 4.5.173, 4.5.175, 4.5.176, 4.5.178, 4.5.179, 6.0.1060, 6.0.1061, 6.0.1064, 6.0.1065, 6.0.1066, 6.1, 6.1.18, 6.1.20, 6.3.33, 6.3.37, 6.3.38, 6.30.0039, 6.30.0040, 6.30.0044, 6.5.0.0, 6.5.0.1, 6.5.0.2 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 71494 | OSVDB | http://osvdb.org/71494 | |
| 44030 | SECUNIA | http://secunia.com/advisories/44030 | |
| http://www.ibm.com/support/docview.wss?uid=swg21474552 | CONFIRM | http://www.ibm.com/support/docview.wss?uid=swg21474552 | Vendor Advisory |
| ADV-2011-0854 | VUPEN | http://www.vupen.com/english/advisories/2011/0854 | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-115/ | MISC | http://www.zerodayinitiative.com/advisories/ZDI-11-115/ | |
| soliddb-auth-bypass(66455) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/66455 | |