CVE-2016-0226

{"id": "CVE-2016-0226", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-03-28T23:59:00.127", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1035286", "source": "psirt@us.ibm.com"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-16-208/", "source": "psirt@us.ibm.com"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-16-209/", "source": "psirt@us.ibm.com"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-16-210/", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file."}, {"lang": "es", "value": "La implementaci\u00f3n del cliente en IBM Informix Dynamic Server 11.70.xCn en Windows no restringe adecuadamente el acceso a los archivos ejecutables (1) nsrd, (2) nsrexecd y (3) portmap, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de un archivo troyano."}], "lastModified": "2016-12-03T03:16:14.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xcn:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F32589A1-7788-4BCD-8E6B-C1D7EA75CA04"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}