Summary
The host is running IBM DMC and is prone to multiple unspecified security bypass vulnerabilities.
Impact
Successful exploitation could allow remote attackers to bypass certain security restrictions or potentially compromise a vulnerable system.
Impact Level: System/Application.
Solution
Upgrade to DB2 Monitoring Console Version 2.2.25 or later.
For updates refer to http://sourceforge.net/projects/db2mc/files/
Insight
- An unspecified error can be exploited to upload files to the web server hosting the application.
- An unspecified error can be exploited to gain access to the database that a user is currently connected to by tricking the user into accessing a malicious link.
Affected
DB2 Monitoring Console Version 2.2.24 and prior.
References
Severity
Classification
CVE: CVE-2008-7130, CVE-2008-7131
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P