What is the severity of CVE-2008-3857?

CVE-2008-3857 has a medium severity rating as it allows local users to potentially access sensitive information.

What versions of IBM DB2 are affected by CVE-2008-3857?

CVE-2008-3857 affects IBM DB2 version 9.1 before Fixpak 5 across various platforms.

How do I fix CVE-2008-3857?

To mitigate CVE-2008-3857, upgrade IBM DB2 to version 9.1 Fixpak 5 or later.

What type of attack does CVE-2008-3857 enable?

CVE-2008-3857 enables local users to read memory dumps to obtain cleartext passwords.

Is it safe to use IBM DB2 version 9.1 before Fixpak 5?

Using IBM DB2 version 9.1 before Fixpak 5 is not safe due to the vulnerability identified in CVE-2008-3857.

Vulnerability/
CVE-2008-3857

medium

4.6

CWE

200

28/8/2008

7/8/2024

CVE-2008-3857: Infoleak

First published: Thu Aug 28 2008(Updated: )

The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
IBM DB2 Universal Database	=9.1-fp4
IBM DB2 Universal Database	=9.1-fp4a
IBM DB2 Universal Database	=9.1-fp4
IBM DB2 Universal Database	=9.1-fp4a
IBM DB2 Universal Database	=9.1-fp2
IBM DB2 Universal Database	=9.1-fp3
IBM DB2 Universal Database	=9.1-fp4a
IBM DB2 Universal Database	=9.1
IBM DB2 Universal Database	=9.1-fp3
IBM DB2 Universal Database	=9.1-fp2
IBM DB2 Universal Database	=9.1-fp3
IBM DB2 Universal Database	=9.1-fp2
IBM DB2 Universal Database	=9.1-fp3
IBM DB2 Universal Database	=9.1-fp2
IBM DB2 Universal Database	=9.1-fp3
IBM DB2 Universal Database	=9.1-fp4a
IBM DB2 Universal Database	=9.1-fp4a
IBM DB2 Universal Database	=9.1-fp2
IBM DB2 Universal Database	=9.1-fp4
IBM DB2 Universal Database	=9.1
IBM DB2 Universal Database	=9.1
IBM DB2 Universal Database	=9.1
IBM DB2 Universal Database	=9.1

Remedy

http://www-1.ibm.com/support/docview.wss?uid=swg21255607

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-3857?
CVE-2008-3857 has a medium severity rating as it allows local users to potentially access sensitive information.
What versions of IBM DB2 are affected by CVE-2008-3857?
CVE-2008-3857 affects IBM DB2 version 9.1 before Fixpak 5 across various platforms.
How do I fix CVE-2008-3857?
To mitigate CVE-2008-3857, upgrade IBM DB2 to version 9.1 Fixpak 5 or later.
What type of attack does CVE-2008-3857 enable?
CVE-2008-3857 enables local users to read memory dumps to obtain cleartext passwords.
Is it safe to use IBM DB2 version 9.1 before Fixpak 5?
Using IBM DB2 version 9.1 before Fixpak 5 is not safe due to the vulnerability identified in CVE-2008-3857.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/weakness
agent/remedy
agent/severity
agent/last-modified-date
agent/event
agent/first-publish-date
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/ibm
canonical/ibm db2 universal database
version/ibm db2 universal database/9.1
version/ibm db2 universal database/9.1-fp2
version/ibm db2 universal database/9.1-fp3
version/ibm db2 universal database/9.1-fp4
version/ibm db2 universal database/9.1-fp4a