CVE-2011-1560
Last modified
CVE-2011-1560 is a vulnerability of currently unknown severity. solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.. EPSS estimates a 3.99% chance of exploitation in the next 30 days.
Description
solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Soliddb | <= 4.5.180 |
| Ibm | Soliddb | 4.5.167 |
| Ibm | Soliddb | 4.5.168 |
| Ibm | Soliddb | 4.5.169 |
| Ibm | Soliddb | 4.5.173 |
| Ibm | Soliddb | 4.5.175 |
| Ibm | Soliddb | 4.5.176 |
| Ibm | Soliddb | 4.5.178 |
| Ibm | Soliddb | 4.5.179 |
| Ibm | Soliddb | 6.0.1060 |
| Ibm | Soliddb | 6.0.1061 |
| Ibm | Soliddb | 6.0.1064 |
| Ibm | Soliddb | 6.0.1065 |
| Ibm | Soliddb | 6.0.1066 |
| Ibm | Soliddb | 6.1 |
| Ibm | Soliddb | 6.1.18 |
| Ibm | Soliddb | 6.1.20 |
| Ibm | Soliddb | 6.3.33 |
| Ibm | Soliddb | 6.3.37 |
| Ibm | Soliddb | 6.3.38 |
| Ibm | Soliddb | 6.5.0.0 |
| Ibm | Soliddb | 6.5.0.1 |
| Ibm | Soliddb | 6.5.0.2 |
| Ibm | Soliddb | 6.30.0039 |
| Ibm | Soliddb | 6.30.0040 |
| Ibm | Soliddb | 6.30.0044 |
References
- http://www.ibm.com/support/docview.wss?uid=swg21474552Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21474552Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-1560?
How severe is CVE-2011-1560?
How do I fix CVE-2011-1560?
Are you affected by CVE-2011-1560?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST