CVE-2003-1049 : IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories wi

IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.

Published 2004-09-28 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2003-1049

IBM » Db2 Universal Database » Version: 7.0 Linux Edition
cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*
Matching versions
IBM » Db2 Universal Database » Version: 8.0 Linux Edition
cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-1049

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2003-1049

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2003-1049

http://www-1.ibm.com/support/search.wss?rs=0&q=IY44841&apar=only

Vendor Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY44842&apar=only
http://www.securityfocus.com/bid/9243

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/14030

IBM DB2 DMS directory created with insecure permissions CVE-2003-1052 Vulnerability Report

Jump to

Vulnerability Details : CVE-2003-1049

Products affected by CVE-2003-1049

Exploit prediction scoring system (EPSS) score for CVE-2003-1049

CVSS scores for CVE-2003-1049

References for CVE-2003-1049