IBM Solid Database < 6.5 Service Pack 2 Handshake Request Username Field Remote Code Execution
Critical Nessus Network Monitor Plugin ID 5599
Synopsis: The remote database server is vulnerable to a remote code execution attack.
Description: The remote host is running IBM SolidDB.
Versions of SolidDB earlier than 188.8.131.52 are potentially affected by a remote code execution vulnerability because the application fails to properly validate the length of the username field. An attacker, exploiting this flaw, could execute arbitrary code subject to the privileges of the user running the affected application.
Solution: Upgrade to IBM SolidDB 6.5 SP2 or later.