Summary
The host is running IBM DMC and is prone to multiple Unspecified Security Bypass Vulnerabilities.
Impact
Successful exploitation could allow remote attackers to bypass certain security restrictions or potentially compromise a vulnerable system.
Impact Level: System/Application.
Solution
Upgrade to DB2 Monitoring Console Version 2.2.25 or later.
For updates refer to http://sourceforge.net/projects/db2mc/files/
Insight
- An unspecified error can be exploited to upload files to the web server hosting the application.
- An unspecified error can be exploited to gain access to the database that a user is currently connected to by tricking the user into accessing a malicious link.
Affected
DB2 Monitoring Console Version 2.2.24 and prior.
Severity
Classification
- CVE: CVE-2008-7130, CVE-2008-7131
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P