Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1560

solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.

Published

2011-04-05T15:19:34.947

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-255

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	soliddb	≤ 4.5.180	Yes
Application	ibm	soliddb	4.5.167	Yes
Application	ibm	soliddb	4.5.168	Yes
Application	ibm	soliddb	4.5.169	Yes
Application	ibm	soliddb	4.5.173	Yes
Application	ibm	soliddb	4.5.175	Yes
Application	ibm	soliddb	4.5.176	Yes
Application	ibm	soliddb	4.5.178	Yes
Application	ibm	soliddb	4.5.179	Yes
Application	ibm	soliddb	6.0.1060	Yes
Application	ibm	soliddb	6.0.1061	Yes
Application	ibm	soliddb	6.0.1064	Yes
Application	ibm	soliddb	6.0.1065	Yes
Application	ibm	soliddb	6.0.1066	Yes
Application	ibm	soliddb	6.1	Yes
Application	ibm	soliddb	6.1.18	Yes
Application	ibm	soliddb	6.1.20	Yes
Application	ibm	soliddb	6.3.33	Yes
Application	ibm	soliddb	6.3.37	Yes
Application	ibm	soliddb	6.3.38	Yes
Application	ibm	soliddb	6.5.0.0	Yes
Application	ibm	soliddb	6.5.0.1	Yes
Application	ibm	soliddb	6.5.0.2	Yes
Application	ibm	soliddb	6.30.0039	Yes
Application	ibm	soliddb	6.30.0040	Yes
Application	ibm	soliddb	6.30.0044	Yes

References

http://osvdb.org/71494 ([email protected])
http://secunia.com/advisories/44030 ([email protected])
http://www.ibm.com/support/docview.wss?uid=swg21474552 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0854 ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-11-115/ ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/66455 ([email protected])
http://osvdb.org/71494 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/44030 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=swg21474552 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0854 (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-11-115/ (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66455 (af854a3a-2127-422b-91ae-364da2661108)