Summary
This host is running IBM solidDB and is prone to authentication bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to bypass authentication.
Impact Level: Application
Solution
Apply the patches from below link,
https://www-304.ibm.com/support/docview.wss?uid=swg21474552
Insight
The flaw exists within the 'solid.exe' process which listens by default on TCP ports 1315, 1964 and 2315. The authentication protocol allows a remote attacker to specify the length of a password hash. An attacker could bypass the authentication by specifying short length value.
Affected
IBM solidDB version before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2011-1560 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities