CVE-2006-3860 : IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 all

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.

Published 2006-08-17 01:04:00

Updated 2018-10-17 21:32:02

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-3860

IBM » Informix Dynamic Database Server » Version: 9.40.uc1
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 9.40.uc2
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 9.40.uc3
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 9.40.tc5
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 10.0
cpe:2.3:a:ibm:informix_dynamic_database_server:10.0:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 10.0 Xc3
cpe:2.3:a:ibm:informix_dynamic_database_server:10.0_xc3:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 9.40.uc5
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc5:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 9.40.xc7
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.xc7:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 9.4
cpe:2.3:a:ibm:informix_dynamic_database_server:9.4:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 7.3
cpe:2.3:a:ibm:informix_dynamic_database_server:7.3:*:*:*:*:*:*:*
Matching versions
IBM » Informix Dynamic Database Server » Version: 7.31 .xd8
cpe:2.3:a:ibm:informix_dynamic_database_server:7.31_.xd8:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-3860

EPSS FAQ

2.38%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-3860

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-3860

Jump to

Vulnerability Details : CVE-2006-3860

Products affected by CVE-2006-3860

Exploit prediction scoring system (EPSS) score for CVE-2006-3860

CVSS scores for CVE-2006-3860

References for CVE-2006-3860