CVE-2008-3856

critical

Description

The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45140

http://www.securityfocus.com/bid/31058

http://www.securityfocus.com/bid/29601

http://www-1.ibm.com/support/docview.wss?uid=swg21255607

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20352

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20350

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ19155

http://secunia.com/advisories/31787

http://secunia.com/advisories/29784

Details

Source: Mitre, NVD

Published: 2008-08-28

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00829

Detections

Analytics