← Back

CVE-2018-1633

nvd nist
Published: Aug 20, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.

Affected (12)

Ibm
1 product
Informix Dynamic Server
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Informix Dynamic Server
Version 12.10 fc10
Informix Dynamic Server
Version 12.10 fc11
Informix Dynamic Server
Version 12.10 fc12
Informix Dynamic Server
Version 12.10 fc1
Informix Dynamic Server
Version 12.10 fc2
Informix Dynamic Server
Version 12.10 fc3
Informix Dynamic Server
Version 12.10 fc4
Informix Dynamic Server
Version 12.10 fc5
Informix Dynamic Server
Version 12.10 fc6
Informix Dynamic Server
Version 12.10 fc7
Informix Dynamic Server
Version 12.10 fc8
Informix Dynamic Server
Version 12.10 fc9

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.