Vulnerability Details : CVE-2008-1880
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
Exploit prediction scoring system (EPSS) score for CVE-2008-1880
Probability of exploitation activity in the next 30 days: 1.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-1880
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2008-1880
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1880
Products affected by CVE-2008-1880
- cpe:2.3:a:firebird:firebird:*:r5:*:*:*:*:*:*
- cpe:2.3:a:firebird:firebird:2.0.3.12981.0:*:*:*:*:*:*:*