Vulnerabilities > CVE-2003-1282 - Information Disclosure vulnerability in IBM Net.Data

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

NVD

Published: 2003-12-31

Updated: 2008-09-05

Summary

IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Net.Data *	1

References

http://www.iss.net/security_center/static/11016.php
http://www.securiteam.com/securitynews/5CP061F8VS.html
http://www.securitytracker.com/id?1005890