CVE-2011-1560

solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
ibmsoliddb
𝑥
≤ 4.5.180
ibmsoliddb
4.5.167
ibmsoliddb
4.5.168
ibmsoliddb
4.5.169
ibmsoliddb
4.5.173
ibmsoliddb
4.5.175
ibmsoliddb
4.5.176
ibmsoliddb
4.5.178
ibmsoliddb
4.5.179
ibmsoliddb
6.0.1060
ibmsoliddb
6.0.1061
ibmsoliddb
6.0.1064
ibmsoliddb
6.0.1065
ibmsoliddb
6.0.1066
ibmsoliddb
6.1
ibmsoliddb
6.1.18
ibmsoliddb
6.1.20
ibmsoliddb
6.3.33
ibmsoliddb
6.3.37
ibmsoliddb
6.3.38
ibmsoliddb
6.5.0.0
ibmsoliddb
6.5.0.1
ibmsoliddb
6.5.0.2
ibmsoliddb
6.30.0039
ibmsoliddb
6.30.0040
ibmsoliddb
6.30.0044
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/71494
http://secunia.com/advisories/44030
http://www.ibm.com/support/docview.wss?uid=swg21474552
http://www.vupen.com/english/advisories/2011/0854
http://www.zerodayinitiative.com/advisories/ZDI-11-115/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66455
http://osvdb.org/71494
http://secunia.com/advisories/44030
http://www.ibm.com/support/docview.wss?uid=swg21474552
http://www.vupen.com/english/advisories/2011/0854
http://www.zerodayinitiative.com/advisories/ZDI-11-115/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66455