Vulnerabilities related to ibm - db2
CVE-2009-3473 (GCVE-0-2009-3473)
Vulnerability from cvelistv5
Published
2009-09-29 21:00
Modified
2024-08-07 06:31
CWE
- n/a
Summary
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36540", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36540" }, { "name": "IZ55883", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883" }, { "name": "58479", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/58479" }, { "name": "36890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-10-14T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36540", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36540" }, { "name": "IZ55883", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883" }, { "name": "58479", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/58479" }, { "name": "36890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36540", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36540" }, { "name": "IZ55883", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883" }, { "name": "58479", "refsource": "OSVDB", "url": "http://osvdb.org/58479" }, { "name": "36890", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36890" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3473", "datePublished": "2009-09-29T21:00:00", "dateReserved": "2009-09-29T00:00:00", "dateUpdated": "2024-08-07T06:31:10.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3734 (GCVE-0-2010-3734)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
CWE
- n/a
Summary
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:53.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14764", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764" }, { "name": "IC62856", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14764", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764" }, { "name": "IC62856", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14764", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764" }, { "name": "IC62856", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3734", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:53.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-35637 (GCVE-0-2022-35637)
Vulnerability from cvelistv5
Published
2022-09-13 20:45
Modified
2024-09-16 19:40
CWE
- Denial of Service
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
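Version: 10.5 Version: 11.1 Version: 11.5 (the record's structured affected list covers only these three; the summary above also names 9.7 and 10.1, so inventory matching should use the description as well as the version entries) |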
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:36:44.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6618775" }, { "name": "ibm-db2-cve202235637-dos (230823)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230823" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230921-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2022-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/A:H/I:N/AV:N/UI:N/S:U/PR:L/AC:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-21T16:06:14.219014", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6618775" }, { "name": "ibm-db2-cve202235637-dos (230823)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230823" }, { "url": "https://security.netapp.com/advisory/ntap-20230921-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-35637", "datePublished": "2022-09-13T20:45:27.233996Z", "dateReserved": "2022-07-11T00:00:00", "dateUpdated": "2024-09-16T19:40:50.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4945 (GCVE-0-2020-4945)
Vulnerability from cvelistv5
Published
2021-06-24 18:45
Modified
2024-09-16 16:42
CWE
- Data Manipulation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux and UNIX |
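Version: 11.5 (the product is recorded as "DB2 for Linux and UNIX", while the summary's product line reads "Linux, UNIX and Windows"; confirm platform scope against the vendor bulletin listed in the record's references) |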
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6466367" }, { "name": "ibm-db2-cve20204945-file-overwrite (191945)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191945" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux and UNIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/UI:N/I:H/AC:L/PR:L/AV:N/C:N/S:U/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T10:07:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6466367" }, { "name": "ibm-db2-cve20204945-file-overwrite (191945)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191945" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-23T00:00:00", "ID": "CVE-2020-4945", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux and UNIX", "version": { "version_data": [ { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6466367", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6466367 (DB2 for Linux and UNIX)", "url": "https://www.ibm.com/support/pages/node/6466367" }, { "name": "ibm-db2-cve20204945-file-overwrite (191945)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191945" }, { "name": "https://security.netapp.com/advisory/ntap-20210720-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4945", "datePublished": "2021-06-24T18:45:26.111811Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T16:42:40.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-29255 (GCVE-0-2023-29255)
Vulnerability from cvelistv5
Published
2023-04-27 12:47
Modified
2025-02-13 16:49
CWE
- CWE-20 - Improper Input Validation
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
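Version: 10.5, 11.1, 11.5 (stored in the record as one comma-joined version string rather than three separate entries, so tooling that exact-matches a single version will not hit 10.5, 11.1 or 11.5 on its own) |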
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985687" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251991" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29255", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T21:00:20.277548Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T21:00:24.722Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991." } ], "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T14:06:15.521Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985687" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251991" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM DB2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-29255", "datePublished": "2023-04-27T12:47:02.803Z", "dateReserved": "2023-04-04T18:45:55.861Z", "dateUpdated": "2025-02-13T16:49:04.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-36071 (GCVE-0-2025-36071)
Vulnerability from cvelistv5
Published
2025-07-29 18:27
Modified
2025-07-29 19:32
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | IBM Db2 |
Version: 11.5.0 ≤ 11.5.9 Version: 12.1.0 ≤ 12.1.2 cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-36071", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T19:32:03.369341Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T19:32:16.496Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux", "Unix", "AIX", "z/OS" ], "product": "IBM Db2", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.2", "status": "affected", "version": "12.1.0", "versionType": 
"semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:27:40.227Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7240955" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.5.9, V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV11.5 TBD DT425663 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003eV12.1 V12.1.2 DT425663 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003cbr\u003e" } ], "value": "Customers running any vulnerable affected level of an affected Program V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. 
These special builds are available based on the most recent affected level for each impacted release: V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\n \n\nRelease Fixed in mod pack APAR Download URL\nV11.5 TBD DT425663 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \nV12.1 V12.1.2 DT425663 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-36071", "datePublished": "2025-07-29T18:27:40.227Z", "dateReserved": "2025-04-15T21:16:13.121Z", "dateUpdated": "2025-07-29T19:32:16.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4101 (GCVE-0-2019-4101)
Vulnerability from cvelistv5
Published
2019-07-01 15:05
Modified
2024-09-16 18:13
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880741" }, { "name": "ibm-db2-cve20194101-dos (158091)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091" }, { "name": "109021", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/I:N/AV:L/AC:L/C:N/PR:N/A:H/S:U/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-04T14:06:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880741" }, { "name": "ibm-db2-cve20194101-dos (158091)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091" }, { "name": "109021", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109021" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-27T00:00:00", "ID": "CVE-2019-4101", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. 
Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880741", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880741 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880741" }, { "name": "ibm-db2-cve20194101-dos (158091)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091" }, { "name": "109021", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109021" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4101", "datePublished": "2019-07-01T15:05:37.630430Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:13:44.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1905 (GCVE-0-2009-1905)
Vulnerability from cvelistv5
Published
2009-06-03 20:35
Modified
2024-08-07 05:27
CWE
- n/a
Summary
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.880Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "ibmdb2-ldap-security-bypass(50909)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50909" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "36540", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36540" }, { "name": "35171", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35171" }, { "name": "1022319", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1022319" }, { "name": "JR32268", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "JR32272", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31787" }, { "name": "JR32273", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273" }, { "name": "35235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35235" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "ibmdb2-ldap-security-bypass(50909)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50909" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "36540", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36540" }, { "name": "35171", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35171" }, { "name": "1022319", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1022319" }, { "name": "JR32268", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "JR32272", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31787" }, { "name": "JR32273", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273" }, { "name": "35235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35235" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "ibmdb2-ldap-security-bypass(50909)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50909" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "36540", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36540" }, { "name": "35171", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35171" }, { "name": "1022319", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1022319" }, { "name": "JR32268", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "JR32272", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272" }, { "name": "31787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31787" }, { "name": "JR32273", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273" }, { "name": "35235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35235" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1905", "datePublished": "2009-06-03T20:35:00", 
"dateReserved": "2009-06-03T00:00:00", "dateUpdated": "2024-08-07T05:27:54.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0915 (GCVE-0-2025-0915)
Vulnerability from cvelistv5
Published
2025-05-05 20:56
Modified
2025-05-06 02:53
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1, under specific configurations, could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | Version: 11.5.0 ≤ 11.5.9 Version: 12.1.0 ≤ 12.1.1 cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0915", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-06T02:53:46.779104Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-06T02:53:57.866Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.1", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\n\u003cspan 
style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eunder specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\n\n\nunder specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-05T20:56:42.580Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7232529" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V11.5 and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability." 
} ], "value": "Customers running any vulnerable affected level of an affected Program, V11.5 and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-0915", "datePublished": "2025-05-05T20:56:42.580Z", "dateReserved": "2025-01-30T23:47:48.401Z", "dateUpdated": "2025-05-06T02:53:57.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-5995 (GCVE-0-2016-5995)
Vulnerability from cvelistv5
Published
2016-10-01 01:00
Modified
2024-08-06 01:15
CWE
- n/a
Summary
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:15:10.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IT17012", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012" }, { "name": "IT16921", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921" }, { "name": "1036837", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036837" }, { "name": "93012", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93012" }, { "name": "IT17010", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990061" }, { "name": "IT17011", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-29T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IT17012", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012" }, { "name": "IT16921", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921" }, { "name": "1036837", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036837" }, { "name": "93012", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93012" }, { "name": "IT17010", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990061" }, { "name": "IT17011", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-5995", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IT17012", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012" }, { "name": "IT16921", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921" }, { "name": "1036837", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036837" }, { "name": "93012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93012" }, { "name": "IT17010", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990061", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990061" }, { "name": "IT17011", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-5995", "datePublished": "2016-10-01T01:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:15:10.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1897 (GCVE-0-2018-1897)
Vulnerability from cvelistv5
Published
2018-11-30 15:00
Modified
2024-09-16 22:56
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106060", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106060" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737295" }, { "name": "ibm-db2-cve20181897-bo(152462)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152462" }, { "name": "1042165", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042165" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-04T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "106060", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106060" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737295" }, { "name": "ibm-db2-cve20181897-bo(152462)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152462" }, { "name": "1042165", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042165" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-27T00:00:00", "ID": "CVE-2018-1897", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is 
vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "106060", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106060" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10737295", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737295" }, { "name": "ibm-db2-cve20181897-bo(152462)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152462" }, { "name": "1042165", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042165" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1897", "datePublished": "2018-11-30T15:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T22:56:05.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4057 (GCVE-0-2019-4057)
Vulnerability from cvelistv5
Published
2019-07-01 15:05
Modified
2024-09-16 18:09
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880735" }, { "name": "ibm-db2-cve20194057-priv-escalation (156567)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.8, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/A:H/I:H/UI:N/PR:H/C:H/AC:L/AV:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-01T15:05:37", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880735" }, { "name": "ibm-db2-cve20194057-priv-escalation (156567)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-27T00:00:00", "ID": "CVE-2019-4057", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880735", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880735 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880735" }, { "name": "ibm-db2-cve20194057-priv-escalation (156567)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4057", "datePublished": "2019-07-01T15:05:37.482843Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:09:24.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1997 (GCVE-0-2008-1997)
Vulnerability from cvelistv5
Published
2008-04-28 18:21
Modified
2024-08-07 08:41
CWE
- n/a
Summary
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "name": "IZ06972", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29022" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "name": "3841", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3841" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "name": "IZ06972", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29022" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "name": "3841", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3841" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1997", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "name": "IZ06972", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "name": "29022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29022" }, { "name": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml", "refsource": "MISC", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "name": "3841", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3841" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1997", "datePublished": "2008-04-28T18:21:00", "dateReserved": "2008-04-28T00:00:00", "dateUpdated": "2024-08-07T08:41:00.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1796 (GCVE-0-2012-1796)
Vulnerability from cvelistv5
Published
2012-03-20 20:00
Modified
2024-08-06 19:08
CWE
- n/a
Summary
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586193" }, { "name": "oval:org.mitre.oval:def:14526", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526" }, { "name": "IC79970", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970" }, { "name": "db2-itma-priv-esc(74325)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74325" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586193" }, { "name": "oval:org.mitre.oval:def:14526", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526" }, { "name": "IC79970", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970" }, { "name": "db2-itma-priv-esc(74325)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74325" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21586193", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586193" }, { "name": "oval:org.mitre.oval:def:14526", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526" }, { "name": "IC79970", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970" }, { "name": "db2-itma-priv-esc(74325)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74325" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1796", "datePublished": "2012-03-20T20:00:00", "dateReserved": "2012-03-20T00:00:00", "dateUpdated": "2024-08-06T19:08:38.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1847 (GCVE-0-2011-1847)
Vulnerability from cvelistv5
Published
2011-05-03 20:00
Modified
2024-08-06 22:45
CWE
- n/a
Summary
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:45:58.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-1083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "name": "IC72119", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119" }, { "name": "ibm-db2-rds-sec-bypass(66979)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66979" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC72119" }, { "name": "47525", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47525" }, { "name": "oval:org.mitre.oval:def:14122", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71413" }, { "name": "IC71413", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413" }, { "name": "44229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which 
allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2011-1083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "name": "IC72119", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119" }, { "name": "ibm-db2-rds-sec-bypass(66979)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66979" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC72119" }, { "name": "47525", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47525" }, { "name": "oval:org.mitre.oval:def:14122", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71413" }, { "name": "IC71413", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413" }, { "name": "44229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1847", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, 
"vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-1083", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "name": "IC72119", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119" }, { "name": "ibm-db2-rds-sec-bypass(66979)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66979" }, { "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC72119", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC72119" }, { "name": "47525", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47525" }, { "name": "oval:org.mitre.oval:def:14122", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122" }, { "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71413", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71413" }, { "name": "IC71413", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413" }, { "name": "44229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44229" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1847", "datePublished": 
"2011-05-03T20:00:00", "dateReserved": "2011-05-03T00:00:00", "dateUpdated": "2024-08-06T22:45:58.674Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1439 (GCVE-0-2017-1439)
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-09-16 22:15
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | Version: 10.5, Version: 10.1, Version: 9.7, Version: 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.653Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1039301", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039301" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "name": "100690", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100690" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128058" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1039301", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039301" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "name": "100690", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100690" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128058" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-07T00:00:00", "ID": "CVE-2017-1439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "1039301", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039301" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22006061", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "name": "100690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100690" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128058", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128058" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1439", "datePublished": "2017-09-12T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T22:15:16.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1560 (GCVE-0-2010-1560)
Vulnerability from cvelistv5
Published
2010-04-27 15:00
Modified
2024-08-07 01:28
CWE
- n/a
Summary
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:28:41.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14613", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14613" }, { "name": "db2-repeat-dos(58070)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58070" }, { "name": "64041", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/64041" }, { "name": "IC65922", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "name": "39500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39500" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "ADV-2010-0982", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "name": "20100423 IBM \u0027REPEAT\u0027 BoF advisory - APAR IC65922", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://attrition.org/pipermail/vim/2010-April/002341.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14613", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14613" }, { "name": "db2-repeat-dos(58070)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58070" }, { "name": "64041", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/64041" }, { "name": "IC65922", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "name": "39500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39500" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "ADV-2010-0982", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "name": "20100423 IBM \u0027REPEAT\u0027 BoF advisory - APAR IC65922", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://attrition.org/pipermail/vim/2010-April/002341.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via 
unspecified vectors. NOTE: this might overlap CVE-2010-0462." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14613", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14613" }, { "name": "db2-repeat-dos(58070)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58070" }, { "name": "64041", "refsource": "OSVDB", "url": "http://osvdb.org/64041" }, { "name": "IC65922", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "name": "39500", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39500" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "ADV-2010-0982", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "name": "20100423 IBM \u0027REPEAT\u0027 BoF advisory - APAR IC65922", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2010-April/002341.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1560", "datePublished": "2010-04-27T15:00:00", "dateReserved": "2010-04-27T00:00:00", "dateUpdated": "2024-08-07T01:28:41.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1799 (GCVE-0-2018-1799)
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-16 23:56
CWE
- File Manipulation
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | Version: 10.5, Version: 10.1, Version: 9.7, Version: 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105885", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105885" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "ibm-db2-cve20181799--file-write(149429)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149429" }, { "name": "1042086", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:N/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-16T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "105885", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105885" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "ibm-db2-cve20181799--file-write(149429)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149429" }, { "name": "1042086", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042086" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-05T00:00:00", "ID": "CVE-2018-1799", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 
9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "N", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "105885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105885" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733939", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "ibm-db2-cve20181799--file-write(149429)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149429" }, { "name": "1042086", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042086" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1799", "datePublished": "2018-11-09T00:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T23:56:54.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1027 (GCVE-0-2007-1027)
Vulnerability from cvelistv5
Published
2007-02-21 11:00
Modified
2024-08-07 12:43
CWE
- n/a
Summary
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24213", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24213" }, { "name": "1017665", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017665" }, { "name": "34024", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34024" }, { "name": "ADV-2007-0652", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0652" }, { "name": "22614", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22614" }, { "name": "IY94817", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817" }, { "name": "1017695", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017695" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-02-28T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24213", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24213" }, { "name": "1017665", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017665" }, { "name": "34024", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34024" }, { "name": "ADV-2007-0652", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0652" }, { "name": "22614", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22614" }, { "name": "IY94817", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817" }, { "name": "1017695", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017695" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1027", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24213", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24213" }, { "name": "1017665", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017665" }, { "name": "34024", "refsource": "OSVDB", "url": "http://osvdb.org/34024" }, { "name": "ADV-2007-0652", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0652" }, { "name": "22614", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22614" }, { "name": "IY94817", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817" }, { "name": "1017695", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017695" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1027", "datePublished": "2007-02-21T11:00:00", "dateReserved": "2007-02-20T00:00:00", "dateUpdated": "2024-08-07T12:43:22.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1922 (GCVE-0-2018-1922)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-17 02:51
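Severity: 8.4 (High), CVSS v3.0 base score; temporal score 7.3. Vector: CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O (attack vector: local; values taken from the record's `metrics` field below).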
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-db2-cve20181922-bo(152858)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152858" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-15T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-db2-cve20181922-bo(152858)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152858" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107398" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-08T00:00:00", "ID": "CVE-2018-1922", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. 
IBM X-Force ID: 152858." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-db2-cve20181922-bo(152858)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152858" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10740413", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107398" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1922", "datePublished": "2019-03-11T22:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T02:51:42.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0696 (GCVE-0-2008-0696)
Vulnerability from cvelistv5
Published
2008-02-12 00:00
Modified
2024-08-07 07:54
CWE
- n/a
Summary
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:22.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "28771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "name": "IZ07337", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "28771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "name": "IZ07337", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0696", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "28771", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "name": "IZ07337", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0696", "datePublished": "2008-02-12T00:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:22.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-29258 (GCVE-0-2023-29258)
Vulnerability from cvelistv5
Published
2023-12-04 01:12
Modified
2025-02-13 16:49
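Severity: 5.3 (Medium), CVSS v3.1 base score. Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (values taken from the record's `metrics` field below).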
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7087218" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252048" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240112-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T14:06:19.587Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7087218" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252048" }, { "url": "https://security.netapp.com/advisory/ntap-20240112-0002/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-29258", "datePublished": "2023-12-04T01:12:20.327Z", "dateReserved": "2023-04-04T18:46:07.427Z", "dateUpdated": "2025-02-13T16:49:05.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-3050 (GCVE-0-2025-3050)
Vulnerability from cvelistv5
Published
2025-05-29 19:13
Modified
2025-05-30 12:36
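Severity: 5.3 (Medium), CVSS v3.1 base score. Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (values taken from the record's `metrics` field below). CISA ADP SSVC assessment in the same record: Exploitation none, Automatable no, Technical Impact partial.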
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | 11.5.0 through 11.5.9; 12.1.0 through 12.1.1 |

CPE entries listed for the affected product:

- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-3050", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-30T12:35:57.274561Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-30T12:36:04.995Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.1", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated 
user to cause a denial of service when using Q replication due to the improper allocation of CPU resources." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-29T19:13:06.140Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7235073" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.5.9, and V12.1.1. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e" } ], "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. 
These special builds are available based on the most recent affected level for each impacted release: V11.5.9, and V12.1.1. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-3050", "datePublished": "2025-05-29T19:13:06.140Z", "dateReserved": "2025-03-31T14:14:26.693Z", "dateUpdated": "2025-05-30T12:36:04.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-6820 (GCVE-0-2008-6820)
Vulnerability from cvelistv5
Published
2009-06-03 20:35
Modified
2024-08-07 11:42
CWE
- n/a
Summary
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:42:00.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "31058", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31058" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "JR30227", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227" }, { "name": "JR30026", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026" }, { "name": "48149", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/48149" }, { "name": "JR30228", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with \"OS privilege,\" which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-07-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "31058", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31058" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "JR30227", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227" }, { "name": "JR30026", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026" }, { "name": "48149", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/48149" }, { "name": "JR30228", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6820", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with \"OS privilege,\" which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "31058", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31058" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "JR30227", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227" }, { "name": "JR30026", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026" }, { "name": "48149", "refsource": "OSVDB", "url": "http://osvdb.org/48149" }, { "name": "JR30228", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6820", "datePublished": "2009-06-03T20:35:00", "dateReserved": "2009-06-03T00:00:00", "dateUpdated": "2024-08-07T11:42:00.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1105 (GCVE-0-2017-1105)
Vulnerability from cvelistv5
Published
2017-06-27 16:00
Modified
2024-08-05 13:25
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
References
Impacted products
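| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1 |

Note: the summary text names 9.2 among the affected releases, while the record's structured affected-version list gives 9.7 and no 9.2. Confirm the affected range against the IBM advisory referenced in the record before scoping remediation.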
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99264", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99264" }, { "name": "1038773", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038773" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003877" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "99264", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99264" }, { "name": "1038773", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038773" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003877" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2017-1105", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "99264", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99264" }, { "name": "1038773", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038773" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003877", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003877" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1105", "datePublished": "2017-06-27T16:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:25:17.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-6821 (GCVE-0-2008-6821)
Vulnerability from cvelistv5
Published
2009-06-03 20:35
Modified
2024-08-07 11:42
CWE
- n/a
Summary
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:42:00.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "IZ22004", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004" }, { "name": "IZ22188", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188" }, { "name": "IZ22190", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31787" }, { "name": "35408", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35408" }, { "name": "db2-das-bo(51108)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51108" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "IZ22004", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004" }, { "name": "IZ22188", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188" }, { "name": "IZ22190", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31787" }, { "name": "35408", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35408" }, { "name": "db2-das-bo(51108)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51108" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6821", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different 
vulnerability than CVE-2007-3676 and CVE-2008-3853." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "IZ22004", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004" }, { "name": "IZ22188", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188" }, { "name": "IZ22190", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190" }, { "name": "31787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31787" }, { "name": "35408", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35408" }, { "name": "db2-das-bo(51108)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51108" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6821", "datePublished": "2009-06-03T20:35:00", "dateReserved": "2009-06-03T00:00:00", "dateUpdated": "2024-08-07T11:42:00.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0712 (GCVE-0-2012-0712)
Vulnerability from cvelistv5
Published
2012-03-20 20:00
Modified
2024-08-06 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:30:54.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-xmlfeature-dos(73496)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73496" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588098" }, { "name": "oval:org.mitre.oval:def:14450", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450" }, { "name": "IC81380", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380" }, { "name": "IC81379", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379" }, { "name": "IC81837", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "db2-xmlfeature-dos(73496)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73496" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588098" }, { "name": "oval:org.mitre.oval:def:14450", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450" }, { "name": "IC81380", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380" }, { "name": "IC81379", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379" }, { "name": "IC81837", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0712", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-xmlfeature-dos(73496)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73496" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21588098", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588098" }, { "name": "oval:org.mitre.oval:def:14450", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450" }, { "name": "IC81380", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380" }, { "name": "IC81379", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379" }, { "name": "IC81837", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0712", "datePublished": "2012-03-20T20:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:30:54.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30449 (GCVE-0-2023-30449)
Vulnerability from cvelistv5
Published
2023-07-08 18:31
Modified
2025-02-13 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253439" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2_for_linux_unix_and_windows:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "db2_for_linux_unix_and_windows", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-30449", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-14T19:34:03.271920Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T19:34:57.527Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. 
IBM X-Force ID: 253439." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:37.768Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253439" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30449", "datePublished": "2023-07-08T18:31:30.940Z", "dateReserved": "2023-04-08T15:56:40.869Z", "dateUpdated": "2025-02-13T16:49:28.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4331 (GCVE-0-2009-4331)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-08-07 07:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC63959", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" }, { "name": "IC63581", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) 
scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-10-07T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IC63959", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" }, { "name": "IC63581", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4331", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC63959", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" }, { "name": "IC63581", "refsource": "AIXAPAR", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4331", "datePublished": "2009-12-16T18:00:00", "dateReserved": "2009-12-16T00:00:00", "dateUpdated": "2024-08-07T07:01:20.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-37071 (GCVE-0-2024-37071)
Vulnerability from cvelistv5
Published
2024-12-07 12:53
Modified
2024-12-09 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-789 - Uncontrolled Memory Allocation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37071", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T17:37:10.296290Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-09T18:02:16.298Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-07T12:53:31.722Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/7175940" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-37071", "datePublished": "2024-12-07T12:53:31.722Z", "dateReserved": "2024-06-02T15:43:57.554Z", "dateUpdated": "2024-12-09T18:02:16.298Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0711 (GCVE-0-2012-0711)
Vulnerability from cvelistv5
Published
2012-03-20 20:00
Modified
2024-08-06 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:30:54.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-db2dasrrm-bo(73495)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73495" }, { "name": "oval:org.mitre.oval:def:14842", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842" }, { "name": "77826", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588093" }, { "name": "IC80728", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728" }, { "name": "IC80729", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729" }, { "name": "IC80561", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "db2-db2dasrrm-bo(73495)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73495" }, { "name": "oval:org.mitre.oval:def:14842", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842" }, { "name": "77826", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588093" }, { "name": "IC80728", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728" }, { "name": "IC80729", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729" }, { "name": "IC80561", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer 
overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-db2dasrrm-bo(73495)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73495" }, { "name": "oval:org.mitre.oval:def:14842", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842" }, { "name": "77826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77826" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21588093", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588093" }, { "name": "IC80728", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728" }, { "name": "IC80729", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729" }, { "name": "IC80561", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0711", "datePublished": "2012-03-20T20:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:30:54.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1458 (GCVE-0-2018-1458)
Vulnerability from cvelistv5
Published
2018-07-10 16:00
Modified
2024-09-16 23:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22016624" }, { "name": "ibm-db2-cve20181458-priv-escalation(140209)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140209" }, { "name": "1041230", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041230" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-11T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22016624" }, { "name": "ibm-db2-cve20181458-priv-escalation(140209)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140209" }, { "name": "1041230", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041230" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-06T00:00:00", "ID": "CVE-2018-1458", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. 
IBM X-Force ID: 140209." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=swg22016624", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=swg22016624" }, { "name": "ibm-db2-cve20181458-priv-escalation(140209)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140209" }, { "name": "1041230", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041230" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1458", "datePublished": "2018-07-10T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T23:56:55.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1978 (GCVE-0-2018-1978)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-16 20:11
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 154069. Note that the CVSS 3.0 vector in the record below gives PR:N (no privileges required).
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20181978-bo(154069)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154069" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-15T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20181978-bo(154069)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154069" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-08T00:00:00", "ID": "CVE-2018-1978", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code 
on the system as root. IBM X-ForceID: 154069." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10740413", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20181978-bo(154069)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154069" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1978", "datePublished": "2019-03-11T22:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:11:48.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38926 (GCVE-0-2021-38926)
Vulnerability from cvelistv5
Published
2021-12-09 17:00
Modified
2024-09-16 21:03
CWE
- Gain Privileges
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6523808" }, { "name": "ibm-db2-cve202138926-priv-escalation (210321)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210321" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.8, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/S:U/AV:L/C:N/AC:L/I:H/UI:N/A:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-14T06:06:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6523808" }, { "name": "ibm-db2-cve202138926-priv-escalation (210321)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210321" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-08T00:00:00", "ID": "CVE-2021-38926", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of 
columns of existing tasks. IBM X-Force ID: 210321." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "N", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6523808", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6523808 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6523808" }, { "name": "ibm-db2-cve202138926-priv-escalation (210321)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210321" }, { "name": "https://security.netapp.com/advisory/ntap-20220114-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38926", "datePublished": "2021-12-09T17:00:27.785050Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T21:03:40.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1780 (GCVE-0-2018-1780)
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-16 19:14
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105885", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105885" }, { "name": "ibm-db2-cve20181780-priv-escalation(148803)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148803" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.8, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-16T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "105885", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105885" }, { "name": "ibm-db2-cve20181780-priv-escalation(148803)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148803" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042086" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-05T00:00:00", "ID": "CVE-2018-1780", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 
9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "105885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105885" }, { "name": "ibm-db2-cve20181780-priv-escalation(148803)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148803" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733939", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042086" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1780", "datePublished": "2018-11-09T00:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T19:14:14.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6209 (GCVE-0-2014-6209)
Vulnerability from cvelistv5
Published
2014-12-12 16:00
Modified
2024-08-06 12:10
CWE
- n/a
Summary
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:12.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IT04786", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786" }, { "name": "IT05646", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646" }, { "name": "1034571", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034571" }, { "name": "62092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62092" }, { "name": "IT05644", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644" }, { "name": "IT05647", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690787" }, { "name": "ibm-db2-cve20146209-dos(98684)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98684" }, { "name": "71729", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71729" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "name": "IT05645", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], 
"datePublic": "2014-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-27T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IT04786", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786" }, { "name": "IT05646", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646" }, { "name": "1034571", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034571" }, { "name": "62092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62092" }, { "name": "IT05644", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644" }, { "name": "IT05647", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690787" }, { "name": "ibm-db2-cve20146209-dos(98684)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98684" }, { "name": "71729", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71729" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "name": "IT05645", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" 
], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6209", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IT04786", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786" }, { "name": "IT05646", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646" }, { "name": "1034571", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034571" }, { "name": "62092", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62092" }, { "name": "IT05644", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644" }, { "name": "IT05647", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690787", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690787" }, { "name": "ibm-db2-cve20146209-dos(98684)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98684" }, { "name": "71729", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71729" }, { "name": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21693197", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "name": "IT05645", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6209", "datePublished": "2014-12-12T16:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:12.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30446 (GCVE-0-2023-30446)
Vulnerability from cvelistv5
Published
2023-07-08 18:09
Modified
2025-02-13 16:49
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30446", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T19:26:21.397532Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T19:45:43.924Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: \n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003e253361\u003c/span\u003e\n\n." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: \n\n253361\n\n." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:45.379Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253361" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30446", "datePublished": "2023-07-08T18:09:52.072Z", "dateReserved": "2023-04-08T15:56:40.869Z", "dateUpdated": "2025-02-13T16:49:27.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4976 (GCVE-0-2020-4976)
Vulnerability from cvelistv5
Published
2021-03-11 15:30
Modified
2024-09-16 19:20
CWE
- File Manipulation
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6427859" }, { "name": "ibm-db2-cve20204976-file-write (192469)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192469" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/AC:L/AV:L/PR:N/C:L/A:N/I:L/S:U/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-09T08:06:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6427859" }, { "name": "ibm-db2-cve20204976-file-write (192469)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192469" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-03-10T00:00:00", "ID": "CVE-2020-4976", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file 
permissions. IBM X-Force ID: 192469." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6427859", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6427859 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6427859" }, { "name": "ibm-db2-cve20204976-file-write (192469)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192469" }, { "name": "https://security.netapp.com/advisory/ntap-20210409-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4976", "datePublished": "2021-03-11T15:30:25.232967Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:20:36.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2859 (GCVE-0-2009-2859)
Vulnerability from cvelistv5
Published
2009-08-19 17:00
Modified
2024-09-16 20:41
CWE
- n/a
Summary
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:07:36.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ34149", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ34149" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36313" }, { "name": "ADV-2009-2293", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-19T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ34149", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ34149" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36313" }, { "name": "ADV-2009-2293", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2293" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2859", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ34149", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ34149" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36313" }, { "name": "ADV-2009-2293", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2293" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2859", "datePublished": "2009-08-19T17:00:00Z", "dateReserved": "2009-08-19T00:00:00Z", "dateUpdated": "2024-09-16T20:41:36.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1566 (GCVE-0-2018-1566)
Vulnerability from cvelistv5
Published
2018-07-10 16:00
Modified
2024-09-17 00:55
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:43.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104740", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104740" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016182" }, { "name": "ibm-db2-cve20181566-format-string(143023)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143023" }, { "name": "1041229", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-14T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "104740", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104740" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016182" }, { "name": "ibm-db2-cve20181566-format-string(143023)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143023" }, { "name": "1041229", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-06T00:00:00", "ID": "CVE-2018-1566", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 
9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "104740", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104740" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016182", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016182" }, { "name": "ibm-db2-cve20181566-format-string(143023)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143023" }, { "name": "1041229", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041229" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1566", "datePublished": "2018-07-10T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T00:55:57.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29703 (GCVE-0-2021-29703)
Vulnerability from cvelistv5
Published
2021-06-24 18:45
Modified
2024-09-16 19:04
CWE
- Denial of Service
Summary
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6466371" }, { "name": "ibm-db2-cve202129703-dos (200659)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/C:N/AV:N/PR:N/AC:L/I:N/UI:N/A:H/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T10:07:08", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6466371" }, { "name": "ibm-db2-cve202129703-dos (200659)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-23T00:00:00", "ID": "CVE-2021-29703", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT 
statement. IBM X-Force ID: 200659." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6466371", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6466371 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6466371" }, { "name": "ibm-db2-cve202129703-dos (200659)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200659" }, { "name": "https://security.netapp.com/advisory/ntap-20210720-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29703", "datePublished": "2021-06-24T18:45:29.304368Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T19:04:49.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30442 (GCVE-0-2023-30442)
Vulnerability from cvelistv5
Published
2023-07-10 00:01
Modified
2025-02-13 16:49
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010561" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253202" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30442", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T18:00:18.942752Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T18:12:26.412Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:43.848Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010561" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253202" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30442", "datePublished": "2023-07-10T00:01:47.971Z", "dateReserved": "2023-04-08T15:56:40.869Z", "dateUpdated": "2025-02-13T16:49:25.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1373 (GCVE-0-2011-1373)
Vulnerability from cvelistv5
Published
2011-11-09 23:00
Modified
2024-08-06 22:21
CWE
- n/a
Summary
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:21:34.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14720", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720" }, { "name": "db2-stmm-dos(71043)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71043" }, { "name": "IC70473", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14720", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720" }, { "name": "db2-stmm-dos(71043)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71043" }, { "name": "IC70473", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14720", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720" }, { "name": "db2-stmm-dos(71043)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71043" }, { "name": "IC70473", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1373", "datePublished": "2011-11-09T23:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:21:34.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0731 (GCVE-0-2011-0731)
Vulnerability from cvelistv5
Published
2011-02-01 17:00
Modified
2024-08-06 22:05
CWE
- n/a
Summary
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:52.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC71203", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203" }, { "name": "46052", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46052" }, { "name": "70683", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/70683" }, { "name": "oval:org.mitre.oval:def:14699", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699" }, { "name": "IC72028", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028" }, { "name": "43059", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43059" }, { "name": "IC72029", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IC71203", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203" }, { "name": "46052", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46052" }, { "name": "70683", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/70683" }, { "name": "oval:org.mitre.oval:def:14699", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699" }, { "name": "IC72028", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028" }, { "name": "43059", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43059" }, { "name": "IC72029", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC71203", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203" }, { "name": "46052", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46052" }, { "name": "70683", "refsource": "OSVDB", "url": "http://www.osvdb.org/70683" }, { "name": "oval:org.mitre.oval:def:14699", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699" }, { "name": "IC72028", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028" }, { "name": "43059", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43059" }, { "name": "IC72029", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0731", "datePublished": "2011-02-01T17:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:52.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1515 (GCVE-0-2018-1515)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-16 18:59
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | 10.5, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:42.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040969", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040969" }, { "name": "ibm-db2-cve20181515-bo(141624)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141624" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016140" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1040969", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040969" }, { "name": "ibm-db2-cve20181515-bo(141624)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141624" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016140" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-22T00:00:00", "ID": "CVE-2018-1515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. 
IBM X-Force ID: 141624." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "1040969", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040969" }, { "name": "ibm-db2-cve20181515-bo(141624)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141624" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016140", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016140" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1515", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T18:59:35.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3737 (GCVE-0-2010-3737)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
Severity: not scored (the record contains no CVSS metrics; assess impact from the summary)
CWE
- n/a
Summary
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.
References
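| URL | Tags |
|---|---|
| ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567 | vdb-entry, signature, x_refsource_OVAL |
| http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022 | vendor-advisory, x_refsource_AIXAPAR |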
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "oval:org.mitre.oval:def:14567", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567" }, { "name": "LI75022", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "oval:org.mitre.oval:def:14567", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567" }, { "name": "LI75022", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3737", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "oval:org.mitre.oval:def:14567", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567" }, { "name": "LI75022", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3737", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:52.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5466 (GCVE-0-2013-5466)
Vulnerability from cvelistv5
Published
2013-12-18 11:00
Modified
2024-08-06 17:15
Severity: not scored (the record contains no CVSS metrics; assess impact from the summary)
CWE
- n/a
Summary
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
References
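| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470 | vendor-advisory, x_refsource_AIXAPAR |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88365 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/64334 | vdb-entry, x_refsource_BID |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402 | vendor-advisory, x_refsource_AIXAPAR |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660046 | x_refsource_CONFIRM |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472 | vendor-advisory, x_refsource_AIXAPAR |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763 | vendor-advisory, x_refsource_AIXAPAR |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471 | vendor-advisory, x_refsource_AIXAPAR |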
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:15:20.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC97470", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470" }, { "name": "ibm-db2-cve20135466-xslt-dos(88365)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365" }, { "name": "64334", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64334" }, { "name": "IC97402", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046" }, { "name": "IC97472", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472" }, { "name": "IC97763", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763" }, { "name": "IC97471", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-25T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IC97470", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470" }, { "name": "ibm-db2-cve20135466-xslt-dos(88365)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365" }, { "name": "64334", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64334" }, { "name": "IC97402", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046" }, { "name": "IC97472", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472" }, { "name": "IC97763", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763" }, { "name": "IC97471", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of 
service via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC97470", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470" }, { "name": "ibm-db2-cve20135466-xslt-dos(88365)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365" }, { "name": "64334", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64334" }, { "name": "IC97402", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046" }, { "name": "IC97472", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472" }, { "name": "IC97763", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763" }, { "name": "IC97471", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5466", "datePublished": "2013-12-18T11:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:15:20.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4386 (GCVE-0-2020-4386)
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-16 18:14
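Severity: 6.2 (MEDIUM), CVSS 3.0 base score; temporal score 5.4 (MEDIUM). Vector: CVSS:3.0/AC:L/A:N/UI:N/PR:N/C:H/S:U/AV:L/I:N/RL:O/RC:C/E:U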
CWE
- Obtain Information
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.
References
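| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6242342 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/179268 | vdb-entry, x_refsource_XF |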
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux- UNIX and Windows | 9.7, 10.1, 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6242342" }, { "name": "ibm-db2-cve20204386-info-disc (179268)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/A:N/UI:N/PR:N/C:H/S:U/AV:L/I:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T14:25:32", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6242342" }, { "name": "ibm-db2-cve20204386-info-disc (179268)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-30T00:00:00", "ID": "CVE-2020-4386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6242342", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6242342 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6242342" }, { "name": "ibm-db2-cve20204386-info-disc (179268)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4386", "datePublished": "2020-07-01T14:25:32.319512Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T18:14:21.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5090 (GCVE-0-2007-5090)
Vulnerability from cvelistv5
Published
2007-09-26 20:00
Modified
2024-08-07 15:17
Severity: not scored (the record contains no CVSS metrics; assess impact from the summary)
CWE
- n/a
Summary
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
References
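| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/25810 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/26899 | third-party-advisory, x_refsource_SECUNIA |
| http://www-1.ibm.com/support/docview.wss?uid=swg21268116 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/3264 | vdb-entry, x_refsource_VUPEN |
| http://www.securitytracker.com/id?1018735 | vdb-entry, x_refsource_SECTRACK |
| http://osvdb.org/40598 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36771 | vdb-entry, x_refsource_XF |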
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:28.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25810", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25810" }, { "name": "26899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26899" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "name": "ADV-2007-3264", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3264" }, { "name": "1018735", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018735" }, { "name": "40598", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40598" }, { "name": "clearquest-unspecified-data-manipulation(36771)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25810", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25810" }, { "name": "26899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26899" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "name": "ADV-2007-3264", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3264" }, { "name": "1018735", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018735" }, { "name": "40598", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40598" }, { "name": "clearquest-unspecified-data-manipulation(36771)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25810", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25810" }, { "name": "26899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26899" }, { "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "name": "ADV-2007-3264", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3264" }, { "name": "1018735", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018735" }, { "name": "40598", "refsource": "OSVDB", "url": "http://osvdb.org/40598" }, { "name": "clearquest-unspecified-data-manipulation(36771)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5090", "datePublished": "2007-09-26T20:00:00", "dateReserved": "2007-09-26T00:00:00", "dateUpdated": "2024-08-07T15:17:28.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1449 (GCVE-0-2018-1449)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-16 19:24
Severity: not scored (the record contains no CVSS metrics; assess impact from the summary)
CWE
- File Manipulation
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.
References
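| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22016181 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041004 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140044 | vdb-entry, x_refsource_XF |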
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181449-file-overwrite(140044)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140044" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044." 
} ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-14T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181449-file-overwrite(140044)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140044" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-22T00:00:00", "ID": "CVE-2018-1449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016181", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181449-file-overwrite(140044)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140044" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1449", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T19:24:42.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4015 (GCVE-0-2019-4015)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-16 22:08
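Severity: 8.4 (HIGH), CVSS 3.0 base score; temporal score 7.3 (HIGH). Vector: CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O. Note: the vector records PR:N (no privileges required), while the summary describes an authenticated local attacker; check the vendor bulletin before relying on either for prioritisation.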
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.
References
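| URL | Tags |
|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10740413 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107398 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/155893 | vdb-entry, x_refsource_XF |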
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20194015-bo(155893)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155893" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-15T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20194015-bo(155893)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155893" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-08T00:00:00", "ID": "CVE-2019-4015", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code 
on the system as root. IBM X-ForceID: 155893." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10740413", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20194015-bo(155893)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155893" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4015", "datePublished": "2019-03-11T22:00:00Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:08:30.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1980 (GCVE-0-2018-1980)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-17 01:50
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 154078.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "ibm-db2-cve20181980-bo(154078)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154078" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-15T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "ibm-db2-cve20181980-bo(154078)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154078" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107398" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-08T00:00:00", "ID": "CVE-2018-1980", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code 
on the system as root. IBM X-ForceID: 154078." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10740413", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "ibm-db2-cve20181980-bo(154078)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154078" }, { "name": "107398", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107398" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1980", "datePublished": "2019-03-11T22:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T01:50:39.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4200 (GCVE-0-2020-4200)
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 18:54
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux- UNIX and Windows | 10.5, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/2875251" }, { "name": "ibm-db2-cve20204200-dos (174914)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174914" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/I:N/PR:L/A:H/UI:N/S:U/C:N/AC:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-19T15:15:46", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/2875251" }, { "name": "ibm-db2-cve20204200-dos (174914)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174914" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-18T00:00:00", "ID": "CVE-2020-4200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/2875251", "refsource": "CONFIRM", "title": "IBM Security Bulletin 2875251 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/2875251" }, { "name": "ibm-db2-cve20204200-dos (174914)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174914" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4200", "datePublished": "2020-02-19T15:15:46.270256Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T18:54:03.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4204 (GCVE-0-2020-4204)
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 17:38
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux- UNIX and Windows | 9.7, 10.1, 10.5, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/2875875" }, { "name": "ibm-db2-cve20204204-bo (174960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174960" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/UI:N/C:H/AC:L/PR:N/A:H/I:H/AV:L/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-19T15:15:46", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/2875875" }, { "name": "ibm-db2-cve20204204-bo (174960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174960" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-18T00:00:00", "ID": "CVE-2020-4204", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/2875875", "refsource": "CONFIRM", "title": "IBM Security Bulletin 2875875 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/2875875" }, { "name": "ibm-db2-cve20204204-bo (174960)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174960" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4204", "datePublished": "2020-02-19T15:15:46.680208Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T17:38:12.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4322 (GCVE-0-2019-4322)
Vulnerability from cvelistv5
Published
2019-07-01 15:05
Modified
2024-09-17 04:03
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:38.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884444" }, { "name": "ibm-db2-cve20194322-bo (161202)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202" }, { "name": "109002", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109002" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/A:H/UI:N/I:H/AC:L/AV:L/PR:N/C:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-03T16:06:06", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884444" }, { "name": "ibm-db2-cve20194322-bo (161202)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202" }, { "name": "109002", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109002" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-27T00:00:00", "ID": "CVE-2019-4322", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary 
code on the system as root. IBM X-Force ID: 161202." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10884444", "refsource": "CONFIRM", "title": "IBM Security Bulletin 884444 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884444" }, { "name": "ibm-db2-cve20194322-bo (161202)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202" }, { "name": "109002", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109002" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4322", "datePublished": "2019-07-01T15:05:38.166913Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:03:54.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6159 (GCVE-0-2014-6159)
Vulnerability from cvelistv5
Published
2014-11-08 11:00
Modified
2024-08-06 12:10
CWE
- n/a
Summary
IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:12.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "62092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62092" }, { "name": "IT05074", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074" }, { "name": "71006", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71006" }, { "name": "IT04730", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730" }, { "name": "IT05132", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132" }, { "name": "ibm-db2-cve20146159-dos(97708)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97708" }, { "name": "62093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62093" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688051" }, { "name": "IT05105", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on 
Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "62092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62092" }, { "name": "IT05074", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074" }, { "name": "71006", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71006" }, { "name": "IT04730", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730" }, { "name": "IT05132", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132" }, { "name": "ibm-db2-cve20146159-dos(97708)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97708" }, { "name": "62093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62093" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688051" }, { "name": "IT05105", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ 
{ "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "62092", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62092" }, { "name": "IT05074", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074" }, { "name": "71006", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71006" }, { "name": "IT04730", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730" }, { "name": "IT05132", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132" }, { "name": "ibm-db2-cve20146159-dos(97708)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97708" }, { "name": "62093", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62093" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688051", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688051" }, { "name": "IT05105", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6159", "datePublished": "2014-11-08T11:00:00", "dateReserved": 
"2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:12.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40372 (GCVE-0-2023-40372)
Vulnerability from cvelistv5
Published
2023-10-16 23:02
Modified
2025-02-13 17:07
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047561" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40372", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T14:40:17.973223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T18:40:19.199Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:06:57.706Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047561" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-40372", "datePublished": "2023-10-16T23:02:30.073Z", "dateReserved": "2023-08-14T20:12:04.115Z", "dateUpdated": "2025-02-13T17:07:45.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1438 (GCVE-0-2017-1438)
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-09-17 02:57
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128057" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006885" }, { "name": "1039300", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039300" }, { "name": "100685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100685" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128057" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006885" }, { "name": "1039300", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039300" }, { "name": "100685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100685" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-07T00:00:00", "ID": "CVE-2017-1438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128057", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128057" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22006885", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006885" }, { "name": "1039300", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039300" }, { "name": "100685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100685" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1438", "datePublished": "2017-09-12T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T02:57:10.720Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0462 (GCVE-0-2010-0462)
Vulnerability from cvelistv5
Published
2010-01-28 20:00
Modified
2024-08-07 00:52
CWE
- n/a
Summary
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:52:18.794Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-sysibm-bo(55899)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55899" }, { "name": "IC65935", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935" }, { "name": "IC65933", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933" }, { "name": "37976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37976" }, { "name": "IC65922", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "name": "1023509", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023509" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html" }, { "name": "oval:org.mitre.oval:def:14518", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", 
"version": "n/a" } ] } ], "datePublic": "2010-01-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "db2-sysibm-bo(55899)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55899" }, { "name": "IC65935", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935" }, { "name": "IC65933", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933" }, { "name": "37976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37976" }, { "name": "IC65922", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "name": "1023509", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023509" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "tags": [ "x_refsource_MISC" ], "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html" }, { "name": "oval:org.mitre.oval:def:14518", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-sysibm-bo(55899)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55899" }, { "name": "IC65935", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935" }, { "name": "IC65933", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933" }, { "name": "37976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37976" }, { "name": "IC65922", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "name": "1023509", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023509" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html", "refsource": "MISC", "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html" }, { "name": "oval:org.mitre.oval:def:14518", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0462", "datePublished": "2010-01-28T20:00:00", "dateReserved": "2010-01-28T00:00:00", "dateUpdated": "2024-08-07T00:52:18.794Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1857 (GCVE-0-2018-1857)
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-16 22:14
CWE
- Obtain Information
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155.
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1042176", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042176" }, { "name": "105883", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105883" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734059" }, { "name": "ibm-db2-cve20181857-info-disc(151155)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151155" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn\u0027t be able to see. IBM X-Force ID: 151155." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:L/S:U/UI:R/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-02T10:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1042176", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042176" }, { "name": "105883", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105883" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734059" }, { "name": "ibm-db2-cve20181857-info-disc(151155)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151155" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-05T00:00:00", "ID": "CVE-2018-1857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they 
shouldn\u0027t be able to see. IBM X-Force ID: 151155." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "1042176", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042176" }, { "name": "105883", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105883" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10734059", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734059" }, { "name": "ibm-db2-cve20181857-info-disc(151155)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151155" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1857", "datePublished": "2018-11-09T00:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T22:14:52.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-20373 (GCVE-0-2021-20373)
Vulnerability from cvelistv5
Published
2021-12-09 17:00
Modified
2024-09-17 00:45
CWE
- Obtain Information
Summary
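IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. (Note: the X-Force reference in this record, both its name and its URL, uses ID 195521 rather than 199521; confirm the ID against the vendor bulletin before cross-referencing.)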
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6523804" }, { "name": "ibm-db2-cve202120373-info-disc (195521)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195521" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/A:N/AC:H/I:N/PR:N/S:U/AV:N/C:H/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-25T09:06:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6523804" }, { "name": "ibm-db2-cve202120373-info-disc (195521)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195521" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-08T00:00:00", "ID": "CVE-2021-20373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not 
enforce directory restrictions. IBM X-Force ID: 199521." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6523804", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6523804 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6523804" }, { "name": "ibm-db2-cve202120373-info-disc (195521)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195521" }, { "name": "https://security.netapp.com/advisory/ntap-20220225-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220225-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20373", "datePublished": "2021-12-09T17:00:24.045474Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-17T00:45:54.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-52894 (GCVE-0-2024-52894)
Vulnerability from cvelistv5
Published
2025-07-29 19:00
Modified
2025-08-17 01:23
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 |
Version: 10.5.0.0 ≤ 10.5.0.11 Version: 11.1.0 ≤ 11.1.4.7 Version: 11.5.0 ≤ 11.5.9 Version: 12.1.0 ≤ 12.1.2 cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:* 
cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52894", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T19:29:51.532514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T19:30:03.897Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", 
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux", "Unix", "AIX", "z/OS" ], "product": "Db2", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "10.5.0.11", "status": "affected", "version": "10.5.0.0", "versionType": "semver" }, { "lessThanOrEqual": "11.1.4.7", "status": "affected", "version": "11.1.0", "versionType": "semver" }, { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.2", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-17T01:23:03.366Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7240953" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV10.5 TBD DT398812 \u003cbr\u003eSpecial Build for V10.5 FP11:\u003cbr\u003e\u003cbr\u003eAIX 64-bit\u003cbr\u003eHP-UX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 big endian\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eSolaris 64-bit, x86-64\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\u003cbr\u003eAIX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.5 TBD DT398812 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003eV12.1 V12.1.2 DT398812 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003cbr\u003e" } ], "value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\nRelease Fixed in mod pack APAR Download URL\nV10.5 TBD DT398812 \nSpecial Build for V10.5 FP11:\n\nAIX 64-bit\nHP-UX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 big endian\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nSolaris 64-bit, x86-64\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\nAIX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.5 TBD DT398812 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \nV12.1 V12.1.2 DT398812 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." 
} ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-52894", "datePublished": "2025-07-29T19:00:12.910Z", "dateReserved": "2024-11-17T14:25:44.935Z", "dateUpdated": "2025-08-17T01:23:03.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2073 (GCVE-0-2005-2073)
Vulnerability from cvelistv5
Published
2005-06-29 04:00
Modified
2024-09-17 03:38
CWE
- n/a
Summary
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:15:37.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IY73104", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY73104\u0026apar=only" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-29T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IY73104", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY73104\u0026apar=only" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2073", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IY73104", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY73104\u0026apar=only" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2073", "datePublished": "2005-06-29T04:00:00Z", "dateReserved": "2005-06-29T00:00:00Z", "dateUpdated": "2024-09-17T03:38:37.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-36010 (GCVE-0-2025-36010)
Vulnerability from cvelistv5
Published
2025-07-29 18:13
Modified
2025-07-29 18:29
CWE
- CWE-833 - Deadlock
Summary
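IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock. Note that the CVSS 3.1 vector in this record (AV:N/AC:L/PR:L) lists low privileges as required, which does not match "unauthenticated"; confirm the required access level against the vendor advisory before assessing exposure.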
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-36010", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T18:29:33.720627Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:29:45.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Db2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "12.1.0" }, { "status": "affected", "version": "12.1.1" }, { "status": "affected", "version": "12.1.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-833", "description": "CWE-833 Deadlock", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:13:20.677Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7240951" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable mod pack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV12.1 V12.1.2 DT433635 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." } ], "value": "Customers running any vulnerable mod pack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\n \n\nRelease Fixed in mod pack APAR Download URL\nV12.1 V12.1.2 DT433635 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-36010", "datePublished": "2025-07-29T18:13:20.677Z", "dateReserved": "2025-04-15T21:16:07.862Z", "dateUpdated": "2025-07-29T18:29:45.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3733 (GCVE-0-2010-3733)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
CWE
- n/a
Summary
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IZ68463", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "oval:org.mitre.oval:def:14707", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IZ68463", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "oval:org.mitre.oval:def:14707", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IZ68463", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "oval:org.mitre.oval:def:14707", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3733", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:52.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-26022 (GCVE-0-2023-26022)
Vulnerability from cvelistv5
Published
2023-04-28 18:26
Modified
2025-02-13 16:44
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.1, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985669" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247868" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26022", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T20:01:27.429104Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T20:02:40.177Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.1, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T14:06:23.589Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985669" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247868" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-26022", "datePublished": "2023-04-28T18:26:55.536Z", "dateReserved": "2023-02-17T18:40:48.572Z", "dateUpdated": "2025-02-13T16:44:41.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4332 (GCVE-0-2009-4332)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-17 04:13
CWE
- n/a
Summary
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.929Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IZ28509", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ28510", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IZ28509", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ28510", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4332", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service 
(NULL pointer dereference and application termination) via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IZ28509", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ28510", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4332", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-17T04:13:45.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2194 (GCVE-0-2012-2194)
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54487" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84711", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711" }, { "name": "IC84019", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019" }, { "name": "IC84716", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716" }, { "name": "IC84714", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714" }, { "name": "IC84715", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-21T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "49919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54487" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84711", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711" }, { "name": "IC84019", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019" }, { "name": "IC84716", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716" }, { "name": "IC84714", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714" }, { "name": "IC84715", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2194", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via 
unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54487" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84711", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711" }, { "name": "IC84019", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019" }, { "name": "IC84716", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716" }, { "name": "IC84714", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714" }, { "name": "IC84715", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2194", "datePublished": "2012-07-25T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1428 (GCVE-0-2018-1428)
Vulnerability from cvelistv5
Published
2018-03-22 12:00
Modified
2024-09-16 17:18
CWE
- Obtain Information
Summary
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.075Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139073" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "name": "103574", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103574" }, { "name": "1041012", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:N/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-08T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139073" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "name": "103574", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103574" }, { "name": "1041012", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-15T00:00:00", "ID": "CVE-2018-1428", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139073", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139073" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22013756", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "name": "103574", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103574" }, { "name": "1041012", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041012" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1428", "datePublished": "2018-03-22T12:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T17:18:52.141Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1451 (GCVE-0-2017-1451)
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-09-16 22:46
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:30.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1039301", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039301" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128178" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "name": "100690", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100690" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1039301", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039301" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128178" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "name": "100690", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100690" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-07T00:00:00", "ID": "CVE-2017-1451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "1039301", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039301" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128178", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128178" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22006061", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "name": "100690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100690" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1451", "datePublished": "2017-09-12T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T22:46:02.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1802 (GCVE-0-2018-1802)
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-16 20:36
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path, potentially giving a low-privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.363Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105962", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105962" }, { "name": "ibm-db2-cve20181802-priv-escalation(149640)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640" }, { "name": "1042082", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042082" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733122" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-21T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "105962", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105962" }, { "name": "ibm-db2-cve20181802-priv-escalation(149640)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640" }, { "name": "1042082", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042082" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733122" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-07T00:00:00", "ID": "CVE-2018-1802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 
9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "105962", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105962" }, { "name": "ibm-db2-cve20181802-priv-escalation(149640)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640" }, { "name": "1042082", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042082" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733122", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733122" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1802", "datePublished": "2018-11-09T00:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:36:17.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27869 (GCVE-0-2023-27869)
Vulnerability from cvelistv5
Published
2023-07-08 18:40
Modified
2025-02-13 16:45
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27869", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T19:26:15.429594Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T19:45:59.818Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517." } ], "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. 
By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-03T14:06:15.306Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517" }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 code execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27869", "datePublished": "2023-07-08T18:40:10.686Z", "dateReserved": "2023-03-06T20:01:56.636Z", "dateUpdated": "2025-02-13T16:45:36.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3471 (GCVE-0-2009-3471)
Vulnerability from cvelistv5
Published
2009-09-29 21:00
Modified
2024-08-07 06:31
CWE
- n/a
Summary
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:09.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "58477", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/58477" }, { "name": "36540", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36540" }, { "name": "IC63548", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548" }, { "name": "36890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36890" }, { "name": "IZ46773", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "IZ46658", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IZ46774", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2009-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions\u0027 definers, which has unspecified impact and remote attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-10-14T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "58477", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/58477" }, { "name": "36540", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36540" }, { "name": "IC63548", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548" }, { "name": "36890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36890" }, { "name": "IZ46773", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "IZ46658", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IZ46774", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3471", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions\u0027 definers, which has unspecified impact and remote attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "58477", "refsource": "OSVDB", "url": "http://osvdb.org/58477" }, { "name": "36540", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36540" }, { "name": "IC63548", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548" }, { "name": "36890", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36890" }, { "name": "IZ46773", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "IZ46658", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": 
"ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IZ46774", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3471", "datePublished": "2009-09-29T21:00:00", "dateReserved": "2009-09-29T00:00:00", "dateUpdated": "2024-08-07T06:31:09.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3195 (GCVE-0-2010-3195)
Vulnerability from cvelistv5
Published
2010-08-31 21:00
Modified
2024-08-07 03:03
CWE
- n/a
Summary
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-special-group-dos(61446)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61446" }, { "name": "ADV-2010-2225", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "IC66643", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643" }, { "name": "41218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41218" }, { "name": "IC66642", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642" }, { "name": "IC66099", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099" }, { "name": "oval:org.mitre.oval:def:14647", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-27T00:00:00", "descriptions": [ { "lang": "en", 
"value": "Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving \"special group and user enumeration.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "db2-special-group-dos(61446)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61446" }, { "name": "ADV-2010-2225", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "IC66643", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643" }, { "name": "41218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41218" }, { "name": "IC66642", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642" }, { "name": "IC66099", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099" }, { "name": "oval:org.mitre.oval:def:14647", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3195", 
"STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving \"special group and user enumeration.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-special-group-dos(61446)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61446" }, { "name": "ADV-2010-2225", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "IC66643", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643" }, { "name": "41218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41218" }, { "name": "IC66642", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642" }, { "name": "IC66099", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099" }, { "name": "oval:org.mitre.oval:def:14647", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3195", "datePublished": "2010-08-31T21:00:00", "dateReserved": "2010-08-31T00:00:00", "dateUpdated": "2024-08-07T03:03:18.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1781 (GCVE-0-2018-1781)
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-17 03:28
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-db2-20181781-priv-escalation(148804)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148804" }, { "name": "105885", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105885" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-16T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-db2-20181781-priv-escalation(148804)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148804" }, { "name": "105885", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105885" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042086" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-05T00:00:00", "ID": "CVE-2018-1781", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 
10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-db2-20181781-priv-escalation(148804)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148804" }, { "name": "105885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105885" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733939", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042086" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1781", "datePublished": "2018-11-09T00:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:28:49.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30987 (GCVE-0-2023-30987)
Vulnerability from cvelistv5
Published
2023-10-16 20:48
Modified
2025-02-13 16:49
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1 ,11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:24.447Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047560" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:06:54.465Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047560" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30987", "datePublished": "2023-10-16T20:48:07.845Z", "dateReserved": "2023-04-21T17:49:51.825Z", "dateUpdated": "2025-02-13T16:49:39.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1150 (GCVE-0-2017-1150)
Vulnerability from cvelistv5
Published
2017-03-08 19:00
Modified
2024-08-05 13:25
CWE
- Obtain Information
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to access tables that they should not be permitted to view. IBM Reference #: 1999515.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM Corporation | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037946", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037946" }, { "name": "96597", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96597" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21999515" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1037946", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037946" }, { "name": "96597", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96597" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21999515" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2017-1150", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "1037946", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037946" }, { "name": "96597", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96597" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21999515", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21999515" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1150", "datePublished": "2017-03-08T19:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:25:17.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6210 (GCVE-0-2014-6210)
Vulnerability from cvelistv5
Published
2014-12-12 16:00
Modified
2024-08-06 12:10
CWE
- n/a
Summary
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:12.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IT05652", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652" }, { "name": "62092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62092" }, { "name": "IT05651", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651" }, { "name": "71730", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71730" }, { "name": "1034572", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034572" }, { "name": "IT04138", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891" }, { "name": "IC96934", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934" }, { "name": "ibm-db2-cve20146210-dos(98685)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on 
Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-27T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IT05652", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652" }, { "name": "62092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62092" }, { "name": "IT05651", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651" }, { "name": "71730", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71730" }, { "name": "1034572", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034572" }, { "name": "IT04138", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891" }, { "name": "IC96934", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934" }, { "name": "ibm-db2-cve20146210-dos(98685)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6210", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { 
"version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IT05652", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652" }, { "name": "62092", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62092" }, { "name": "IT05651", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651" }, { "name": "71730", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71730" }, { "name": "1034572", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034572" }, { "name": "IT04138", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891" }, { "name": "IC96934", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934" }, { "name": "ibm-db2-cve20146210-dos(98685)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6210", "datePublished": "2014-12-12T16:00:00", "dateReserved": 
"2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:12.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-25030 (GCVE-0-2024-25030)
Vulnerability from cvelistv5
Published
2024-04-03 12:14
Modified
2025-02-13 17:40
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.1 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25030", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-12T21:01:37.573793Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T21:01:45.842Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7145725" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/281677" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T17:11:10.633Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7145725" }, { "tags": [ "vdb-entry" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/281677" }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0006/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-25030", "datePublished": "2024-04-03T12:14:19.709Z", "dateReserved": "2024-02-03T14:49:11.963Z", "dateUpdated": "2025-02-13T17:40:44.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4739 (GCVE-0-2020-4739)
Vulnerability from cvelistv5
Published
2020-11-20 13:50
Modified
2024-09-17 02:05
CWE
- Gain Privileges
Summary
IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.660Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6370023" }, { "name": "ibm-db2-cve20204739-code-exec (188149)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188149" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:N/A:H/AV:L/AC:L/UI:R/S:U/I:H/C:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-20T13:50:14", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6370023" }, { "name": "ibm-db2-cve20204739-code-exec (188149)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188149" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-11-19T00:00:00", "ID": "CVE-2020-4739", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability 
in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6370023", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6370023 (DB2 for Linux, UNIX and Windows UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6370023" }, { "name": "ibm-db2-cve20204739-code-exec (188149)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188149" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4739", "datePublished": "2020-11-20T13:50:14.651408Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:05:51.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-1000 (GCVE-0-2025-1000)
Vulnerability from cvelistv5
Published
2025-05-05 20:55
Modified
2025-05-06 02:54
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.5.0 ≤ 11.5.9 Version: 12.1.0 ≤ 12.1.1 cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-1000", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-06T02:54:14.923211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-06T02:54:27.634Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.1", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\n\u003cspan 
style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\ncould allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-05T20:55:46.335Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7232528" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V11.5 and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.5.9 and V12.1.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability." 
} ], "value": "Customers running any vulnerable affected level of an affected Program, V11.5 and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.5.9 and V12.1.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-1000", "datePublished": "2025-05-05T20:55:46.335Z", "dateReserved": "2025-02-03T18:09:41.315Z", "dateUpdated": "2025-05-06T02:54:27.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4420 (GCVE-0-2020-4420)
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-16 20:52
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the execution of a terminate command. IBM X-Force ID: 180076.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6242362" }, { "name": "ibm-db2-cve20204420-dos (180076)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AV:N/S:U/C:N/PR:N/UI:N/A:H/AC:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T14:25:33", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6242362" }, { "name": "ibm-db2-cve20204420-dos (180076)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-30T00:00:00", "ID": "CVE-2020-4420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6242362", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6242362 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6242362" }, { "name": "ibm-db2-cve20204420-dos (180076)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4420", "datePublished": "2020-07-01T14:25:33.640391Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:52:33.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1050 (GCVE-0-2003-1050)
Vulnerability from cvelistv5
Published
2004-08-20 04:00
Modified
2024-08-08 02:12
CWE
- n/a
Summary
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-multiple-binaries-bo(13633)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" }, { "name": "8990", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8990" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "name": "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/343804" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "db2-multiple-binaries-bo(13633)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" }, { "name": "8990", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8990" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "name": "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/343804" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-multiple-binaries-bo(13633)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" }, { "name": "8990", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8990" }, { "name": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", "refsource": "MISC", "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "name": "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/343804" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1050", "datePublished": "2004-08-20T04:00:00", "dateReserved": "2004-08-19T00:00:00", "dateUpdated": "2024-08-08T02:12:35.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40679 (GCVE-0-2024-40679)
Vulnerability from cvelistv5
Published
2025-01-08 00:44
Modified
2025-01-08 17:24
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-40679", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-08T17:24:16.463105Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-08T17:24:57.144Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-08T00:44:37.346Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/7175957" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-40679", "datePublished": "2025-01-08T00:44:37.346Z", "dateReserved": "2024-07-08T19:30:52.528Z", "dateUpdated": "2025-01-08T17:24:57.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1966 (GCVE-0-2008-1966)
Vulnerability from cvelistv5
Published
2008-04-27 18:00
Modified
2024-08-07 08:41
CWE
- n/a
Summary
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IZ15496", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496" }, { "name": "28835", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28835" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml" }, { "name": "IZ08512", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512" }, { "name": "46269", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/46269" }, { "name": "29601", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29601" }, { "name": "ibm-db2-recoverjar-removejar-dos(41955)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41955" }, { "name": "IZ08945", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945" }, { "name": "46268", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/46268" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29022" }, { "name": "20080418 Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491071/100/0/threaded" } ], "title": "CVE 
Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IZ15496", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496" }, { "name": "28835", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28835" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml" }, { "name": "IZ08512", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512" }, { "name": "46269", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/46269" }, { "name": "29601", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29601" }, { "name": "ibm-db2-recoverjar-removejar-dos(41955)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41955" }, { "name": "IZ08945", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": 
"http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945" }, { "name": "46268", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/46268" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29022" }, { "name": "20080418 Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/491071/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1966", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IZ15496", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496" }, { "name": "28835", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28835" }, { "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "name": "http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml", "refsource": "MISC", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml" }, { "name": "IZ08512", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512" }, { "name": "46269", "refsource": "OSVDB", "url": "http://osvdb.org/46269" }, { "name": "29601", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29601" }, { "name": "ibm-db2-recoverjar-removejar-dos(41955)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41955" }, { "name": "IZ08945", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945" }, { "name": "46268", "refsource": "OSVDB", "url": "http://osvdb.org/46268" }, { "name": "29022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29022" }, { "name": "20080418 Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491071/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1966", "datePublished": "2008-04-27T18:00:00", "dateReserved": "2008-04-27T00:00:00", "dateUpdated": "2024-08-07T08:41:00.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1846 (GCVE-0-2011-1846)
Vulnerability from cvelistv5
Published
2011-05-03 20:00
Modified
2024-08-06 22:45
CWE
- n/a
Summary
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:45:58.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71375" }, { "name": "db2-data-services-sec-bypass(66980)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66980" }, { "name": "IC71263", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263" }, { "name": "ADV-2011-1083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "name": "47525", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47525" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71263" }, { "name": "IC71375", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375" }, { "name": "oval:org.mitre.oval:def:14688", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688" }, { "name": "44229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows 
remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71375" }, { "name": "db2-data-services-sec-bypass(66980)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66980" }, { "name": "IC71263", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263" }, { "name": "ADV-2011-1083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "name": "47525", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47525" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71263" }, { "name": "IC71375", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375" }, { "name": "oval:org.mitre.oval:def:14688", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688" }, { "name": "44229", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1846", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { 
"version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71375", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71375" }, { "name": "db2-data-services-sec-bypass(66980)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66980" }, { "name": "IC71263", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263" }, { "name": "ADV-2011-1083", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "name": "47525", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47525" }, { "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71263", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71263" }, { "name": "IC71375", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375" }, { "name": "oval:org.mitre.oval:def:14688", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688" }, { "name": "44229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44229" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1846", "datePublished": "2011-05-03T20:00:00", "dateReserved": "2011-05-03T00:00:00", "dateUpdated": "2024-08-06T22:45:58.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30448 (GCVE-0-2023-30448)
Vulnerability from cvelistv5
Published
2023-07-08 18:19
Modified
2025-02-13 16:49
CWE
- CWE-20 - Improper Input Validation
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.840Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253437" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30448", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-28T17:24:09.388479Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-28T17:24:23.227Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437." } ], "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:48.298Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253437" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30448", "datePublished": "2023-07-08T18:19:59.040Z", "dateReserved": "2023-04-08T15:56:40.869Z", "dateUpdated": "2025-02-13T16:49:28.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2196 (GCVE-0-2012-2196)
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC84712", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712" }, { "name": "IC84751", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751" }, { "name": "49919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54487" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84614", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614" }, { "name": "IC84750", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750" }, { "name": "IC84748", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-21T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IC84712", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712" }, { "name": "IC84751", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751" }, { "name": "49919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54487" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84614", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614" }, { "name": "IC84750", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750" }, { "name": "IC84748", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2196", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC84712", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712" }, { "name": "IC84751", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751" }, { "name": "49919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54487" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84614", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614" }, { "name": "IC84750", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750" }, { "name": "IC84748", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2196", "datePublished": "2012-07-25T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4014 (GCVE-0-2019-4014)
Vulnerability from cvelistv5
Published
2019-04-03 13:50
Modified
2024-09-16 17:54
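Severity
8.4 HIGH — CVSS 3.0 base score from the CNA metrics in the record below (temporal score 7.3 HIGH). The vector sets Privileges Required to None, while the summary describes an authenticated local attacker.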
CWE
- Gain Privileges (free-text problem type supplied by the CNA; the record assigns no CWE ID)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.745Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878793" }, { "name": "ibm-db2-cve20194014-bo (155892)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155892" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" } ] }, { "product": "Db2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/S:U/PR:N/A:H/AC:L/C:H/AV:L/I:H/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-03T13:50:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878793" }, { "name": "ibm-db2-cve20194014-bo (155892)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155892" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-04-02T00:00:00", "ID": "CVE-2019-4014", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" } ] } }, { "product_name": "Db2", "version": { "version_data": [ { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10878793", "refsource": "CONFIRM", "title": "IBM Security Bulletin 878793 (Db2)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878793" }, { "name": "ibm-db2-cve20194014-bo (155892)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155892" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4014", "datePublished": "2019-04-03T13:50:29.652995Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:54:01.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6097 (GCVE-0-2014-6097)
Vulnerability from cvelistv5
Published
2014-11-08 11:00
Modified
2024-08-06 12:03
CWE
- n/a
Summary
IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684812" }, { "name": "ibm-db2-cve20146097-dos(95945)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95945" }, { "name": "IT04034", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034" }, { "name": "IT03786", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684812" }, { "name": "ibm-db2-cve20146097-dos(95945)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95945" }, { "name": "IT04034", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034" }, { "name": "IT03786", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6097", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684812", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684812" }, { "name": "ibm-db2-cve20146097-dos(95945)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95945" }, { "name": "IT04034", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034" }, { "name": "IT03786", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6097", "datePublished": "2014-11-08T11:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:03:02.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4387 (GCVE-0-2020-4387)
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-16 20:06
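Severity
6.2 MEDIUM — CVSS 3.0 base score from the CNA metrics in the record below (temporal score 5.4 MEDIUM).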
CWE
- Obtain Information (free-text problem type supplied by the CNA; the record assigns no CWE ID)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information by exploiting a symbolic link race condition. IBM X-Force ID: 179269.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux- UNIX and Windows | 9.7, 10.1, 10.5, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6242336" }, { "name": "ibm-db2-cve20204387-info-disc (179269)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/UI:N/PR:N/A:N/AC:L/I:N/AV:L/S:U/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T14:25:32", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6242336" }, { "name": "ibm-db2-cve20204387-info-disc (179269)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-30T00:00:00", "ID": "CVE-2020-4387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6242336", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6242336 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6242336" }, { "name": "ibm-db2-cve20204387-info-disc (179269)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4387", "datePublished": "2020-07-01T14:25:32.753616Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:06:33.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1459 (GCVE-0-2018-1459)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-16 22:25
CWE
- Gain Privileges (free-text problem type supplied by the CNA; the record assigns no CWE ID)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 140210.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-db2-cve20181459-bo(140210)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140210" }, { "name": "1041005", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041005" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-08T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-db2-cve20181459-bo(140210)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140210" }, { "name": "1041005", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041005" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016142" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-23T00:00:00", "ID": "CVE-2018-1459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-db2-cve20181459-bo(140210)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140210" }, { "name": "1041005", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041005" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016142", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016142" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1459", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T22:25:30.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-39002 (GCVE-0-2021-39002)
Vulnerability from cvelistv5
Published
2021-12-09 17:00
Modified
2024-09-16 20:13
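Severity
5.9 MEDIUM — CVSS 3.0 base score from the CNA metrics in the record below (temporal score 5.2 MEDIUM).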
CWE
- Obtain Information (free-text problem type supplied by the CNA; the record assigns no CWE ID)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6523802" }, { "name": "ibm-db2-cve202139002-info-disc (213217)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/UI:N/S:U/AV:N/PR:N/C:H/AC:H/I:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-14T06:06:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6523802" }, { "name": "ibm-db2-cve202139002-info-disc (213217)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-08T00:00:00", "ID": "CVE-2021-39002", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an 
attacker to decrypt highly sensitive information." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6523802", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6523802 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6523802" }, { "name": "ibm-db2-cve202139002-info-disc (213217)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217" }, { "name": "https://security.netapp.com/advisory/ntap-20220114-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-39002", "datePublished": "2021-12-09T17:00:32.094581Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T20:13:31.618Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-41761 (GCVE-0-2024-41761)
Vulnerability from cvelistv5
Published
2024-11-23 01:57
Modified
2024-11-23 13:28
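Severity
5.3 MEDIUM — CVSS 3.1 base score from the CNA metrics in the record below; vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.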
CWE
- CWE-789 - Uncontrolled Memory Allocation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-41761", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-23T13:20:54.856426Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-23T13:28:21.260Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T01:57:40.048Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/7175947" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-41761", "datePublished": "2024-11-23T01:57:40.048Z", "dateReserved": "2024-07-22T12:02:49.316Z", "dateUpdated": "2024-11-23T13:28:21.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1711 (GCVE-0-2018-1711)
Vulnerability from cvelistv5
Published
2018-09-21 13:00
Modified
2024-09-17 01:21
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105390", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105390" }, { "name": "1042175", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042175" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729983" }, { "name": "ibm-db2-cve20181711-priv-escalation(146369)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146369" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-02T10:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "105390", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105390" }, { "name": "1042175", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042175" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729983" }, { "name": "ibm-db2-cve20181711-priv-escalation(146369)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146369" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-09-18T00:00:00", "ID": "CVE-2018-1711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 
9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "105390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105390" }, { "name": "1042175", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042175" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729983", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729983" }, { "name": "ibm-db2-cve20181711-priv-escalation(146369)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146369" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1711", "datePublished": "2018-09-21T13:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T01:21:12.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2197 (GCVE-0-2012-2197)
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:09.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC84753", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753" }, { "name": "IC84754", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754" }, { "name": "49919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54487" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84755", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755" }, { "name": "IC84555", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555" }, { "name": "IC84752", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-21T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IC84753", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753" }, { "name": "IC84754", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754" }, { "name": "49919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54487" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84755", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755" }, { "name": "IC84555", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555" }, { "name": "IC84752", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2197", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by 
leveraging certain CONNECT and EXECUTE privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC84753", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753" }, { "name": "IC84754", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754" }, { "name": "49919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49919" }, { "name": "54487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54487" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "name": "IC84755", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755" }, { "name": "IC84555", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555" }, { "name": "IC84752", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2197", "datePublished": "2012-07-25T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:09.025Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4230 (GCVE-0-2020-4230)
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 19:31
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux- UNIX and Windows |
Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.006Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/2878809" }, { "name": "ibm-db2-cve20204230-priv-escalation (175212)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175212" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.8, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:H/AV:L/C:H/AC:L/S:U/UI:N/PR:H/A:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-19T15:15:47", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/2878809" }, { "name": "ibm-db2-cve20204230-priv-escalation (175212)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175212" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-18T00:00:00", "ID": "CVE-2020-4230", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/2878809", "refsource": "CONFIRM", "title": "IBM Security Bulletin 2878809 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/2878809" }, { "name": "ibm-db2-cve20204230-priv-escalation (175212)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175212" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4230", "datePublished": "2020-02-19T15:15:47.143826Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:31:38.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4102 (GCVE-0-2019-4102)
Vulnerability from cvelistv5
Published
2019-07-01 15:05
Modified
2024-09-17 04:05
CWE
- Obtain Information
Summary
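IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. (Note: this summary names 11.0, while the record's affected-version list below gives 11.1; confirm the affected releases against the IBM security bulletin referenced in the record.)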
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880743" }, { "name": "ibm-db2-cve20194102-info-disc (158092)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092" }, { "name": "109026", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109026" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/S:U/I:N/UI:N/C:H/PR:N/AC:H/AV:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-04T13:06:03", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880743" }, { "name": "ibm-db2-cve20194102-info-disc (158092)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092" }, { "name": "109026", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109026" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-27T00:00:00", "ID": "CVE-2019-4102", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt 
highly sensitive information. IBM X-Force ID: 158092." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880743", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880743 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880743" }, { "name": "ibm-db2-cve20194102-info-disc (158092)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092" }, { "name": "109026", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109026" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4102", "datePublished": "2019-07-01T15:05:37.682948Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:05:02.616Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-31881 (GCVE-0-2024-31881)
Vulnerability from cvelistv5
Published
2024-06-12 18:21
Modified
2024-08-02 01:59
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31881", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:19:10.584437Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:19:20.537Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7156852" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of 
service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T18:21:45.458Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7156852" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-31881", "datePublished": "2024-06-12T18:21:45.458Z", "dateReserved": "2024-04-07T12:44:46.960Z", "dateUpdated": "2024-08-02T01:59:50.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3196 (GCVE-0-2010-3196)
Vulnerability from cvelistv5
Published
2010-08-31 21:00
Modified
2024-08-07 03:03
CWE
- n/a
Summary
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:17.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IC67008", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008" }, { "name": "oval:org.mitre.oval:def:14472", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IC67008", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008" }, { "name": "oval:org.mitre.oval:def:14472", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3196", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IC67008", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008" }, { "name": "oval:org.mitre.oval:def:14472", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3196", "datePublished": "2010-08-31T21:00:00", "dateReserved": "2010-08-31T00:00:00", "dateUpdated": "2024-08-07T03:03:17.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4355 (GCVE-0-2020-4355)
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-17 03:07
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6242350" }, { "name": "ibm-db2-cve20204355-dos (178507)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AV:N/S:U/C:N/UI:N/PR:N/A:L/AC:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T14:25:30", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6242350" }, { "name": "ibm-db2-cve20204355-dos (178507)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-30T00:00:00", "ID": "CVE-2020-4355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. 
By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6242350", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6242350 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6242350" }, { "name": "ibm-db2-cve20204355-dos (178507)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4355", "datePublished": "2020-07-01T14:25:30.996706Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:07:54.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30447 (GCVE-0-2023-30447)
Vulnerability from cvelistv5
Published
2023-07-08 18:07
Modified
2025-02-13 16:49
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253436" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30447", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T19:59:52.215552Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T20:02:28.157Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:46.863Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253436" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30447", "datePublished": "2023-07-08T18:07:15.751Z", "dateReserved": "2023-04-08T15:56:40.869Z", "dateUpdated": "2025-02-13T16:49:27.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40692 (GCVE-0-2023-40692)
Vulnerability from cvelistv5
Published
2023-12-03 23:51
Modified
2025-02-13 17:08
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:38:51.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7087157" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264807" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40692", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T18:41:20.903506Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T18:41:42.612Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T16:06:49.700Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7087157" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264807" }, { "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-40692", "datePublished": "2023-12-03T23:51:06.202Z", "dateReserved": "2023-08-18T15:48:17.570Z", "dateUpdated": "2025-02-13T17:08:39.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40687 (GCVE-0-2023-40687)
Vulnerability from cvelistv5
Published
2023-12-04 01:10
Modified
2025-02-13 17:08
CWE
- CWE-20 - Improper Input Validation
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:38:51.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7087149" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264809" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809." } ], "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T16:06:56.078Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7087149" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264809" }, { "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-40687", "datePublished": "2023-12-04T01:10:23.988Z", "dateReserved": "2023-08-18T15:48:06.502Z", "dateUpdated": "2025-02-13T17:08:38.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0713 (GCVE-0-2012-0713)
Vulnerability from cvelistv5
Published
2012-08-24 10:00
Modified
2024-08-06 18:30
CWE
- n/a
Summary
Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:30:54.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC81462", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462" }, { "name": "53873", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53873" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-02T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IC81462", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462" }, { "name": "53873", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53873" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0713", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to 
read arbitrary XML files via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC81462", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462" }, { "name": "53873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53873" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0713", "datePublished": "2012-08-24T10:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:30:54.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1452 (GCVE-0-2017-1452)
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-09-16 21:58
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:30.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180" }, { "name": "100698", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100698" }, { "name": "1039299", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039299" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006109" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180" }, { "name": "100698", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100698" }, { "name": "1039299", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039299" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006109" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-07T00:00:00", "ID": "CVE-2017-1452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180" }, { "name": "100698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100698" }, { "name": "1039299", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039299" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22006109", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006109" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1452", "datePublished": "2017-09-12T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T21:58:11.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-4691 (GCVE-0-2008-4691)
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
CWE
- n/a
Summary
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.723Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "LI73364", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "ADV-2008-2893", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32368" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-21T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "LI73364", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "ADV-2008-2893", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32368" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4691", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "LI73364", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "ADV-2008-2893", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32368" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4691", "datePublished": "2008-10-22T17:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3193 (GCVE-0-2010-3193)
Vulnerability from cvelistv5
Published
2010-08-31 21:00
Modified
2024-08-07 03:03
CWE
- n/a
Summary
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-2225", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "db2-db2stst-unspecified(61444)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61444" }, { "name": "41218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41218" }, { "name": "IC65742", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IC65703", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703" }, { "name": "oval:org.mitre.oval:def:14190", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190" }, { "name": "IC65408", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-27T00:00:00", "descriptions": [ { "lang": "en", 
"value": "Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2010-2225", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "db2-db2stst-unspecified(61444)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61444" }, { "name": "41218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41218" }, { "name": "IC65742", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IC65703", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703" }, { "name": "oval:org.mitre.oval:def:14190", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190" }, { "name": "IC65408", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-2225", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "db2-db2stst-unspecified(61444)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61444" }, { "name": "41218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41218" }, { "name": "IC65742", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "IC65703", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703" }, { "name": "oval:org.mitre.oval:def:14190", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190" }, { "name": "IC65408", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408" } ] } } } }, "cveMetadata": 
{ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3193", "datePublished": "2010-08-31T21:00:00", "dateReserved": "2010-08-31T00:00:00", "dateUpdated": "2024-08-07T03:03:18.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-33114 (GCVE-0-2025-33114)
Vulnerability from cvelistv5
Published
2025-07-29 18:41
Modified
2025-07-29 18:47
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Summary
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-33114", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T18:47:24.280212Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:47:53.548Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Db2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "12.1.0" }, { "status": "affected", "version": "12.1.1" }, { "status": "affected", "version": "12.1.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to denial of service with a specially crafted query under certain non-default conditions.\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\n\n\nis vulnerable to denial of service with a specially crafted query under certain non-default conditions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-943", "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:41:15.788Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7240943" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V12.1.1, V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV12.1 \u0026nbsp; V12.1.2 DT426060 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." } ], "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V12.1.1, V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\n \n\nRelease Fixed in mod pack APAR Download URL\nV12.1 \u00a0 V12.1.2 DT426060 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-33114", "datePublished": "2025-07-29T18:41:15.788Z", "dateReserved": "2025-04-15T17:50:49.744Z", "dateUpdated": "2025-07-29T18:47:53.548Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1520 (GCVE-0-2017-1520)
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-09-16 17:37
CWE
- Configuration
Summary
IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when the authentication type is CLIENT. IBM X-Force ID: 129830.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1039308", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039308" }, { "name": "100684", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100684" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007186" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-09-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Configuration", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1039308", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039308" }, { "name": "100684", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100684" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007186" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-08T00:00:00", "ID": "CVE-2017-1520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Configuration" } ] } ] }, "references": { "reference_data": [ { "name": "1039308", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039308" }, { "name": "100684", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100684" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007186", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007186" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1520", "datePublished": "2017-09-12T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T17:37:46.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1297 (GCVE-0-2017-1297)
Vulnerability from cvelistv5
Published
2017-06-27 16:00
Modified
2024-08-05 13:32
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159. (Note: the affected-version list in this record gives 9.7 rather than 9.2.)
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:28.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99271", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99271" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004878" }, { "name": "1038772", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038772" }, { "name": "42260", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42260/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-11T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "99271", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99271" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004878" }, { "name": "1038772", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038772" }, { "name": "42260", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42260/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2017-1297", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "99271", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99271" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22004878", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22004878" }, { "name": "1038772", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038772" }, { "name": "42260", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42260/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1297", "datePublished": "2017-06-27T16:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:32:28.490Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47701 (GCVE-0-2023-47701)
Vulnerability from cvelistv5
Published
2023-12-04 00:19
Modified
2025-02-13 17:18
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | 10.5, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:16:43.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7087180" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266166" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T16:06:51.286Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7087180" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266166" }, { "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-47701", "datePublished": "2023-12-04T00:19:20.827Z", "dateReserved": "2023-11-09T11:30:56.581Z", "dateUpdated": "2025-02-13T17:18:06.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1519 (GCVE-0-2017-1519)
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-09-17 02:27
CWE
- Denial of Service
Summary
IBM DB2 10.5 and 11.1 contain a denial of service vulnerability. A remote user can cause disruption of service for a DB2 Connect Server set up with a particular configuration. IBM X-Force ID: 129829.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1039298", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039298" }, { "name": "100688", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100688" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007183" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129829" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1039298", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039298" }, { "name": "100688", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100688" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007183" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129829" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-07T00:00:00", "ID": "CVE-2017-1519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "1039298", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039298" }, { "name": "100688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100688" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007183", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007183" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129829", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129829" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1519", "datePublished": "2017-09-12T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T02:27:20.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1710 (GCVE-0-2018-1710)
Vulnerability from cvelistv5
Published
2018-09-21 13:00
Modified
2024-09-16 20:27
CWE
- Gain Privileges
Summary
The db2licm tool in IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729981" }, { "name": "ibm-db2-cve20181710-bo(146364)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146364" }, { "name": "105391", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105391" }, { "name": "USN-3906-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3906-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-18T15:06:07", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729981" }, { "name": "ibm-db2-cve20181710-bo(146364)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146364" }, { "name": "105391", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105391" }, { "name": "USN-3906-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3906-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-09-18T00:00:00", "ID": "CVE-2018-1710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected 
by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729981", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729981" }, { "name": "ibm-db2-cve20181710-bo(146364)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146364" }, { "name": "105391", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105391" }, { "name": "USN-3906-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3906-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1710", "datePublished": "2018-09-21T13:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:27:34.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38931 (GCVE-0-2021-38931)
Vulnerability from cvelistv5
Published
2021-12-09 17:00
Modified
2024-09-17 00:31
CWE
- Obtain Information
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to information disclosure because a connected user can have indirect read access to a table that they are not authorized to select from. IBM X-Force ID: 210418.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6523810" }, { "name": "ibm-db2-cve202138931-info-disc (210418)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210418" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/S:U/AV:N/C:H/AC:L/I:N/UI:N/A:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-14T06:06:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6523810" }, { "name": "ibm-db2-cve202138931-info-disc (210418)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210418" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-08T00:00:00", "ID": "CVE-2021-38931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. 
IBM X-Force ID: 210418." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6523810", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6523810 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6523810" }, { "name": "ibm-db2-cve202138931-info-disc (210418)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210418" }, { "name": "https://security.netapp.com/advisory/ntap-20220114-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220114-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38931", "datePublished": "2021-12-09T17:00:29.251845Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T00:31:46.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0215 (GCVE-0-2016-0215)
Vulnerability from cvelistv5
Published
2018-01-16 19:00
Modified
2024-08-05 22:08
CWE
- n/a
Summary
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:08:13.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979986" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-16T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979986" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0215", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979986", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979986" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0215", "datePublished": "2018-01-16T19:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:08:13.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2582 (GCVE-0-2007-2582)
Vulnerability from cvelistv5
Published
2007-05-09 22:00
Modified
2024-08-07 13:42
CWE
- n/a
Summary
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (3) a long packet that generates a "MemTree overflow."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:33.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26010", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26010" }, { "name": "1018029", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018029" }, { "name": "1018801", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018801" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-056.html" }, { "name": "IY97750", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY97750\u0026apar=only" }, { "name": "db2-db2jdbc-bo(34184)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34184" }, { "name": "40973", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40973" }, { "name": "40975", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40975" }, { "name": "ADV-2007-1707", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1707" }, { "name": "23890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23890" }, { "name": "25148", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25148" }, { "name": "20071010 ZDI-07-056: IBM DB2 DB2JDS Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482024/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ 
{ "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a \"MemTree overflow.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26010", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26010" }, { "name": "1018029", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018029" }, { "name": "1018801", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018801" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-056.html" }, { "name": "IY97750", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY97750\u0026apar=only" }, { "name": "db2-db2jdbc-bo(34184)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34184" }, { "name": "40973", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40973" }, { "name": "40975", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40975" }, { "name": "ADV-2007-1707", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1707" }, { "name": "23890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23890" }, { 
"name": "25148", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25148" }, { "name": "20071010 ZDI-07-056: IBM DB2 DB2JDS Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482024/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2582", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a \"MemTree overflow.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26010", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26010" }, { "name": "1018029", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018029" }, { "name": "1018801", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018801" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-056.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-056.html" }, { "name": "IY97750", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY97750\u0026apar=only" }, { "name": "db2-db2jdbc-bo(34184)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34184" }, { "name": "40973", "refsource": 
"OSVDB", "url": "http://osvdb.org/40973" }, { "name": "40975", "refsource": "OSVDB", "url": "http://osvdb.org/40975" }, { "name": "ADV-2007-1707", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1707" }, { "name": "23890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23890" }, { "name": "25148", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25148" }, { "name": "20071010 ZDI-07-056: IBM DB2 DB2JDS Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482024/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2582", "datePublished": "2007-05-09T22:00:00", "dateReserved": "2007-05-09T00:00:00", "dateUpdated": "2024-08-07T13:42:33.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4061 (GCVE-0-2011-4061)
Vulnerability from cvelistv5
Published
2011-10-18 01:00
Modified
2024-08-06 23:53
CWE
- n/a
Summary
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20110629 Breaking the links: Exploiting the linker", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/518659" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nth-dimension.org.uk/downloads.php?id=83" }, { "name": "51181", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51181" }, { "name": "48514", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48514" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nth-dimension.org.uk/downloads.php?id=77" }, { "name": "oval:org.mitre.oval:def:14063", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063" }, { "name": "8476", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8476" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20110629 Breaking the links: Exploiting the linker", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/518659" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nth-dimension.org.uk/downloads.php?id=83" }, { "name": "51181", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51181" }, { "name": "48514", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48514" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nth-dimension.org.uk/downloads.php?id=77" }, { "name": "oval:org.mitre.oval:def:14063", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063" }, { "name": "8476", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8476" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4061", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20110629 Breaking the links: Exploiting the linker", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/518659" }, { "name": "http://www.nth-dimension.org.uk/downloads.php?id=83", "refsource": "MISC", "url": "http://www.nth-dimension.org.uk/downloads.php?id=83" }, { "name": "51181", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51181" }, { "name": "48514", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48514" }, { "name": "http://www.nth-dimension.org.uk/downloads.php?id=77", "refsource": "MISC", "url": "http://www.nth-dimension.org.uk/downloads.php?id=77" }, { "name": "oval:org.mitre.oval:def:14063", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063" }, { "name": "8476", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8476" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4061", "datePublished": "2011-10-18T01:00:00", "dateReserved": "2011-10-15T00:00:00", "dateUpdated": "2024-08-06T23:53:32.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47145 (GCVE-0-2023-47145)
Vulnerability from cvelistv5
Published
2024-01-07 18:58
Modified
2025-06-11 16:31
CWE
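- CWE-264 Permissions, Privileges, Access Controls (as supplied by the CNA; the CISA ADP container in this record lists CWE-269 Improper Privilege Management)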
Summary
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.757Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105500" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270402" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0003/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unknown", "product": "db2", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47145", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T04:00:26.054307Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-11T16:31:21.692Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Db2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the 
MSI repair functionality. IBM X-Force ID: 270402." } ], "value": "IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "264 Permissions, Privileges, Access Controls", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:35.201Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105500" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270402" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Windows privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-47145", "datePublished": "2024-01-07T18:58:06.166Z", "dateReserved": "2023-10-31T00:13:36.928Z", "dateUpdated": "2025-06-11T16:31:21.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-4693 (GCVE-0-2008-4693)
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
CWE
- n/a
Summary
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-db2-sortlist-info-disclosure(46022)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46022" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "IZ28489", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489" }, { "name": "IZ23915", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915" }, { "name": "ADV-2008-2893", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32368" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading \"PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, 
"references": [ { "name": "ibm-db2-sortlist-info-disclosure(46022)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46022" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "IZ28489", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489" }, { "name": "IZ23915", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915" }, { "name": "ADV-2008-2893", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32368" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4693", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading \"PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-db2-sortlist-info-disclosure(46022)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46022" }, { "name": 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "IZ28489", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489" }, { "name": "IZ23915", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915" }, { "name": "ADV-2008-2893", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32368" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4693", "datePublished": "2008-10-22T17:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27558 (GCVE-0-2023-27558)
Vulnerability from cvelistv5
Published
2023-07-09 23:32
Modified
2025-02-13 16:45
CWE
- CWE-264 Permissions, Privileges, Access Controls
Summary
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Windows | 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:35.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010571" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249194" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230818-0017/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2_windows:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "db2_windows", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27558", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-14T19:29:15.982408Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T19:31:15.292Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194." 
} ], "value": "IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "264 Permissions, Privileges, Access Controls", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-18T13:06:28.594Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010571" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249194" }, { "url": "https://security.netapp.com/advisory/ntap-20230818-0017/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27558", "datePublished": "2023-07-09T23:32:13.179Z", "dateReserved": "2023-03-02T20:39:33.983Z", "dateUpdated": "2025-02-13T16:45:27.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40373 (GCVE-0-2023-40373)
Vulnerability from cvelistv5
Published
2023-10-16 23:08
Modified
2025-02-13 17:07
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047563" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40373", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T18:58:04.400746Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:58:22.783Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:06:56.014Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047563" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-40373", "datePublished": "2023-10-16T23:08:25.937Z", "dateReserved": "2023-08-14T20:12:05.635Z", "dateUpdated": "2025-02-13T17:07:45.697Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3732 (GCVE-0-2010-3732)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
CWE
- n/a
Summary
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14219", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IZ56428", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14219", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IZ56428", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14219", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IZ56428", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3732", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:52.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1797 (GCVE-0-2012-1797)
Vulnerability from cvelistv5
Published
2012-03-20 20:00
Modified
2024-08-06 19:08
CWE
- n/a
Summary
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC79518" }, { "name": "db2-nodes-unspecified(74326)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326" }, { "name": "oval:org.mitre.oval:def:14922", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922" }, { "name": "IC79518", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC79518" }, { "name": "db2-nodes-unspecified(74326)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326" }, { "name": "oval:org.mitre.oval:def:14922", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922" }, { "name": "IC79518", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC79518", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC79518" }, { "name": "db2-nodes-unspecified(74326)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326" }, { "name": "oval:org.mitre.oval:def:14922", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922" }, { "name": "IC79518", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1797", "datePublished": "2012-03-20T20:00:00", "dateReserved": "2012-03-20T00:00:00", "dateUpdated": "2024-08-06T19:08:38.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29763 (GCVE-0-2021-29763)
Vulnerability from cvelistv5
Published
2021-09-16 15:50
Modified
2024-09-16 20:36
CWE
- Denial of Service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6489493" }, { "name": "ibm-db2-cve202129763-dos (202267)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AV:L/S:U/PR:N/A:H/UI:N/C:N/AC:H/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-29T12:06:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6489493" }, { "name": "ibm-db2-cve202129763-dos (202267)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-09-15T00:00:00", "ID": "CVE-2021-29763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. 
IBM X-Force ID: 202267." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6489493", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6489493 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6489493" }, { "name": "ibm-db2-cve202129763-dos (202267)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267" }, { "name": "https://security.netapp.com/advisory/ntap-20211029-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29763", "datePublished": "2021-09-16T15:50:18.694225Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T20:36:26.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4642 (GCVE-0-2020-4642)
Vulnerability from cvelistv5
Published
2020-12-23 16:30
Modified
2024-09-16 22:50
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to cause a denial of service inside the "DB2 Management Service".
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6391652" }, { "name": "ibm-db2-cve20204642-dos (185589)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210129-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management Service\"." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/C:N/UI:N/PR:N/I:N/AV:L/AC:L/A:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-29T06:06:11", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6391652" }, { "name": "ibm-db2-cve20204642-dos (185589)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210129-0009/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-12-22T00:00:00", "ID": "CVE-2020-4642", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management 
Service\"." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6391652", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6391652 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6391652" }, { "name": "ibm-db2-cve20204642-dos (185589)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589" }, { "name": "https://security.netapp.com/advisory/ntap-20210129-0009/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210129-0009/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4642", "datePublished": "2020-12-23T16:30:15.419298Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:50:23.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22483 (GCVE-0-2022-22483)
Vulnerability from cvelistv5
Published
2022-09-13 20:45
Modified
2024-09-16 17:04
CWE
- Obtain Information
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6618779" }, { "name": "ibm-db2-cve202222483-info-disc (225979)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230921-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2022-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/S:U/AC:L/C:H/A:N/I:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-21T16:06:15.731833", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/6618779" }, { "name": "ibm-db2-cve202222483-info-disc (225979)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979" }, { "url": "https://security.netapp.com/advisory/ntap-20230921-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22483", "datePublished": "2022-09-13T20:45:24.113307Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T17:04:06.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6744 (GCVE-0-2013-6744)
Vulnerability from cvelistv5
Published
2014-05-30 23:00
Modified
2024-08-06 17:46
CWE
- n/a
Summary
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:23.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC99481", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "name": "IC98849", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849" }, { "name": "IC99478", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478" }, { "name": "ibm-db2-cve20136744-priv-escalation(89860)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89860" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "name": "IC99480", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21673947" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IC99481", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "name": "IC98849", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849" }, { "name": "IC99478", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478" }, { "name": "ibm-db2-cve20136744-priv-escalation(89860)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89860" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "name": "IC99480", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21673947" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6744", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the 
CREATE_EXTERNAL_ROUTINE authority." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC99481", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "name": "IC98849", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849" }, { "name": "IC99478", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478" }, { "name": "ibm-db2-cve20136744-priv-escalation(89860)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89860" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg1IC99480", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "name": "IC99480", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21673947", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21673947" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6744", "datePublished": "2014-05-30T23:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:23.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4805 (GCVE-0-2014-4805)
Vulnerability from cvelistv5
Published
2014-09-04 10:00
Modified
2024-08-06 11:27
CWE
- n/a
Summary
IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IT03761", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761" }, { "name": "ibm-db2-cve20144805-info-disc(95307)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95307" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681723" }, { "name": "1030806", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030806" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-29T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IT03761", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761" }, { "name": "ibm-db2-cve20144805-info-disc(95307)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95307" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681723" }, { "name": "1030806", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030806" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-4805", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IT03761", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761" }, { "name": "ibm-db2-cve20144805-info-disc(95307)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95307" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681723", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681723" }, { "name": "1030806", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030806" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-4805", "datePublished": "2014-09-04T10:00:00", "dateReserved": "2014-07-09T00:00:00", "dateUpdated": "2024-08-06T11:27:36.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0157 (GCVE-0-2015-0157)
Vulnerability from cvelistv5
Published
2015-07-20 01:00
Modified
2024-08-06 04:03
CWE
- n/a
Summary
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:03:10.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IT07108", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07108" }, { "name": "IT07103", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07103" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697987" }, { "name": "75947", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75947" }, { "name": "IT07107", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07107" }, { "name": "IT07109", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07109" }, { "name": "1032882", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-21T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IT07108", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07108" }, { "name": "IT07103", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07103" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697987" }, { "name": "75947", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75947" }, { "name": "IT07107", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07107" }, { "name": "IT07109", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07109" }, { "name": "1032882", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IT07108", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07108" }, { "name": "IT07103", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07103" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697987", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697987" }, { "name": "75947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75947" }, { "name": "IT07107", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07107" }, { "name": "IT07109", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07109" }, { "name": "1032882", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032882" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0157", "datePublished": "2015-07-20T01:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4257 (GCVE-0-2006-4257)
Vulnerability from cvelistv5
Published
2006-08-21 20:00
Modified
2024-08-07 19:06
CWE
- n/a
Summary
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending a crafted SQLJRA packet, which results in a null dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:06.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060906 Details for BID 19586", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445298/100/0/threaded" }, { "name": "IY87211", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IY86917", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml" }, { "name": "ADV-2006-3328", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3328" }, { "name": "19586", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19586" }, { "name": "21550", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21550" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013114" }, { "name": "20061213 IBM DB2 Remote DoS during CONNECT processing", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/454307/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service 
(crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060906 Details for BID 19586", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445298/100/0/threaded" }, { "name": "IY87211", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IY86917", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml" }, { "name": "ADV-2006-3328", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3328" }, { "name": "19586", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19586" }, { "name": "21550", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21550" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013114" }, { "name": "20061213 IBM DB2 Remote DoS during CONNECT processing", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/454307/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": 
"n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060906 Details for BID 19586", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445298/100/0/threaded" }, { "name": "IY87211", "refsource": "AIXAPAR", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IY86917", "refsource": "AIXAPAR", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml", "refsource": "MISC", "url": "http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml" }, { "name": "ADV-2006-3328", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3328" }, { "name": "19586", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19586" }, { "name": "21550", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21550" }, { "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24013114", "refsource": "MISC", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013114" }, { "name": "20061213 IBM DB2 Remote DoS during CONNECT processing", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454307/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4257", 
"datePublished": "2006-08-21T20:00:00", "dateReserved": "2006-08-21T00:00:00", "dateUpdated": "2024-08-07T19:06:06.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-29257 (GCVE-0-2023-29257)
Vulnerability from cvelistv5
Published
2023-04-26 12:56
Modified
2025-02-13 16:49
CWE
- CWE-284 - Improper Access Control
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:16.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985691" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252011" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29257", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-31T16:12:24.120987Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-31T16:12:32.106Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "284 Improper Access Control", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T14:06:22.206Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985691" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252011" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 code execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-29257", "datePublished": "2023-04-26T12:56:10.502Z", "dateReserved": "2023-04-04T18:45:55.862Z", "dateUpdated": "2025-02-13T16:49:05.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1488 (GCVE-0-2018-1488)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-17 03:55
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016141" }, { "name": "1040968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040968" }, { "name": "ibm-db2-cve20181488-bo(140973)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140973" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016141" }, { "name": "1040968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040968" }, { "name": "ibm-db2-cve20181488-bo(140973)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140973" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-22T00:00:00", "ID": "CVE-2018-1488", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016141", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016141" }, { "name": "1040968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040968" }, { "name": "ibm-db2-cve20181488-bo(140973)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140973" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1488", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:55:08.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1051 (GCVE-0-2003-1051)
Vulnerability from cvelistv5
Published
2004-08-20 04:00
Modified
2024-08-08 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8989", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8989" }, { "name": "db2-multiple-binaries-bo(13633)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "name": "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/343804" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8989", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8989" }, { "name": "db2-multiple-binaries-bo(13633)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "name": "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/343804" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8989", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8989" }, { "name": "db2-multiple-binaries-bo(13633)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" }, { "name": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", "refsource": "MISC", "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "name": "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/343804" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1051", "datePublished": "2004-08-20T04:00:00", "dateReserved": "2004-08-19T00:00:00", "dateUpdated": "2024-08-08T02:12:35.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38727 (GCVE-0-2023-38727)
Vulnerability from cvelistv5
Published
2023-12-04 01:08
Modified
2025-02-13 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.811Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7087143" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262257" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38727", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-10T20:01:21.953447Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T18:39:25.963Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T16:06:54.464Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7087143" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262257" }, { "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-38727", "datePublished": "2023-12-04T01:08:48.495Z", "dateReserved": "2023-07-25T00:01:06.101Z", "dateUpdated": "2025-02-13T17:02:34.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25930 (GCVE-0-2023-25930)
Vulnerability from cvelistv5
Published
2023-04-28 17:35
Modified
2025-01-30 19:23
CWE
- CWE-20 - Improper Input Validation
Summary
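IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. Note: the record's affected-versions field lists 10.5, 11.1 and 11.5 rather than 10.1, so confirm the affected releases against the IBM advisory.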
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | Version: 10.5, 11.1 ,11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:05.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985677" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247862" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25930", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T19:23:28.497874Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T19:23:32.414Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T03:15:17.732Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985677" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247862" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-25930", "datePublished": "2023-04-28T17:35:43.607Z", "dateReserved": "2023-02-16T16:39:45.213Z", "dateUpdated": "2025-01-30T19:23:32.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-51473 (GCVE-0-2024-51473)
Vulnerability from cvelistv5
Published
2025-07-29 19:02
Modified
2025-08-17 01:21
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 |
Version: 10.5.0.0 ≤ 10.5.0.11 Version: 11.1.0 ≤ 11.1.4.7 Version: 11.5.0 ≤ 11.5.9 Version: 12.1.0 ≤ 12.1.2 cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:* 
cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-51473", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T19:26:53.044217Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T19:27:04.540Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", 
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux", "Unix", "AIX", "z/OS" ], "product": "Db2", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "10.5.0.11", "status": "affected", "version": "10.5.0.0", "versionType": "semver" }, { "lessThanOrEqual": "11.1.4.7", "status": "affected", "version": "11.1.0", "versionType": "semver" }, { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.2", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 \n\nis vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-17T01:21:55.841Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7240944" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV10.5 TBD DT398812 \u003cbr\u003eSpecial Build for V10.5 FP11:\u003cbr\u003e\u003cbr\u003eAIX 64-bit\u003cbr\u003eHP-UX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 big endian\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eSolaris 64-bit, x86-64\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\u003cbr\u003eAIX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.5 TBD DT398812 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003eV12.1 V12.1.2 DT398812 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003cbr\u003e" } ], "value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\nRelease Fixed in mod pack APAR Download URL\nV10.5 TBD DT398812 \nSpecial Build for V10.5 FP11:\n\nAIX 64-bit\nHP-UX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 big endian\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nSolaris 64-bit, x86-64\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\nAIX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.5 TBD DT398812 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \nV12.1 V12.1.2 DT398812 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." 
} ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-51473", "datePublished": "2025-07-29T19:02:40.346Z", "dateReserved": "2024-10-28T10:50:18.700Z", "dateUpdated": "2025-08-17T01:21:55.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3475 (GCVE-0-2013-3475)
Vulnerability from cvelistv5
Published
2013-06-05 01:00
Modified
2024-08-06 16:07
CWE
- n/a
Summary
Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:38.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC92495", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495" }, { "name": "IC92496", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496" }, { "name": "IC92463", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463" }, { "name": "ibm-db2-cve20133475-bo(84358)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358" }, { "name": "53704", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53704" }, { "name": "60255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/60255" }, { "name": "IC92498", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355" }, { "name": "52663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52663" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 
9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-25T09:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "IC92495", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495" }, { "name": "IC92496", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496" }, { "name": "IC92463", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463" }, { "name": "ibm-db2-cve20133475-bo(84358)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358" }, { "name": "53704", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53704" }, { "name": "60255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/60255" }, { "name": "IC92498", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355" }, { "name": "52663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52663" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { 
"version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC92495", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495" }, { "name": "IC92496", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496" }, { "name": "IC92463", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463" }, { "name": "ibm-db2-cve20133475-bo(84358)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358" }, { "name": "53704", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53704" }, { "name": "60255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60255" }, { "name": "IC92498", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355" }, { "name": "52663", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52663" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-3475", "datePublished": "2013-06-05T01:00:00", "dateReserved": "2013-05-07T00:00:00", 
"dateUpdated": "2024-08-06T16:07:38.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1087 (GCVE-0-2007-1087)
Vulnerability from cvelistv5
Published
2007-02-23 22:00
Modified
2024-08-07 12:43
CWE
- n/a
Summary
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40970", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40970" }, { "name": "20070818 Recent DB2 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "name": "IY94833", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "name": "db2-bss-bo(32651)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32651" }, { "name": "20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "name": "22677", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22677" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "40970", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40970" }, { "name": "20070818 Recent DB2 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "name": "IY94833", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "name": "db2-bss-bo(32651)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32651" }, { "name": "20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "name": "22677", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22677" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40970", "refsource": "OSVDB", "url": "http://osvdb.org/40970" }, { "name": "20070818 Recent DB2 Vulnerabilities", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "name": "IY94833", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "name": "db2-bss-bo(32651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32651" }, { "name": "20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "name": "22677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22677" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1087", "datePublished": "2007-02-23T22:00:00", "dateReserved": "2007-02-23T00:00:00", "dateUpdated": "2024-08-07T12:43:22.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4826 (GCVE-0-2012-4826)
Vulnerability from cvelistv5
Published
2012-10-20 10:00
Modified
2024-08-06 20:50
CWE
- n/a
Summary
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:17.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21450666" }, { "name": "IC87192", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614536" }, { "name": "IC86781", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781" }, { "name": "IC86783", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783" }, { "name": "IC86765", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765" }, { "name": "56133", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56133" }, { "name": "86414", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/86414" }, { "name": "IC86782", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-29T10:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21450666" }, { "name": "IC87192", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614536" }, { "name": "IC86781", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781" }, { "name": "IC86783", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783" }, { "name": "IC86765", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765" }, { "name": "56133", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56133" }, { "name": "86414", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/86414" }, { "name": "IC86782", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4826", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 
before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21450666", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21450666" }, { "name": "IC87192", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21614536", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614536" }, { "name": "IC86781", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781" }, { "name": "IC86783", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783" }, { "name": "IC86765", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765" }, { "name": "56133", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56133" }, { "name": "86414", "refsource": "OSVDB", "url": "http://osvdb.org/86414" }, { "name": "IC86782", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-4826", "datePublished": "2012-10-20T10:00:00", "dateReserved": "2012-09-06T00:00:00", "dateUpdated": "2024-08-06T20:50:17.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47158 (GCVE-0-2023-47158)
Vulnerability from cvelistv5
Published
2024-01-22 20:05
Modified
2025-05-30 14:21
CWE
- CWE-20 - Improper Input Validation
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105496" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47158", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T19:09:19.972235Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-30T14:21:58.388Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) \n\n\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e10.5, 11.1 and 11.5\u003c/span\u003e\n\n could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750." } ], "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) \n\n10.5, 11.1 and 11.5\n\n could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:16.933Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105496" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-47158", "datePublished": "2024-01-22T20:05:46.155Z", "dateReserved": "2023-10-31T00:13:45.654Z", "dateUpdated": "2025-05-30T14:21:58.388Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23487 (GCVE-0-2023-23487)
Vulnerability from cvelistv5
Published
2023-07-09 23:54
Modified
2025-02-13 16:44
CWE
- CWE-778 - Insufficient Logging
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:32.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010567" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245918" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23487", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T18:45:04.153513Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T18:46:43.454Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "778 Insufficient Logging", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:40.906Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010567" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245918" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 audit logging", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-23487", "datePublished": "2023-07-09T23:54:40.577Z", "dateReserved": "2023-01-12T16:25:09.445Z", "dateUpdated": "2025-02-13T16:44:09.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-1493 (GCVE-0-2025-1493)
Vulnerability from cvelistv5
Published
2025-05-05 20:57
Modified
2025-05-16 23:03
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | 12.1.0 through 12.1.1 |

CPEs listed in the record:
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*

Note: the CPE list also names 11.5.0 and 11.5.9, while the version range and the summary list only 12.1.0 through 12.1.1. CPE-based scanners may therefore report 11.5 installations; confirm the affected scope against the vendor advisory.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-1493", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-06T02:53:03.414612Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-06T02:53:12.466Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-05-16T23:03:04.732Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20250516-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "12.1.1", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": 
"text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 \n\n\n\n\n\ncould allow an authenticated user to cause a denial of service due to concurrent execution of shared resources." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-05T20:57:52.656Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7232518" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable fixpack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. 
These special builds are available based on the most recent fixpack level for each impacted release: V12.1. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability." } ], "value": "Customers running any vulnerable fixpack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V12.1. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-1493", "datePublished": "2025-05-05T20:57:52.656Z", "dateReserved": "2025-02-20T02:17:48.808Z", "dateUpdated": "2025-05-16T23:03:04.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3676 (GCVE-0-2007-3676)
Vulnerability from cvelistv5
Published
2008-02-12 23:00
Modified
2024-09-16 20:48
CWE
- n/a
Summary
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:51.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1019318", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019318" }, { "name": "20080207 IBM DB2 Universal Database Administration Server Memory Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-12T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1019318", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019318" }, { "name": "20080207 IBM DB2 Universal Database Administration Server Memory Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3676", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1019318", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019318" }, { "name": "20080207 IBM DB2 Universal Database Administration Server Memory Corruption Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3676", "datePublished": "2008-02-12T23:00:00Z", "dateReserved": "2007-07-10T00:00:00Z", "dateUpdated": "2024-09-16T20:48:19.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-2518 (GCVE-0-2025-2518)
Vulnerability from cvelistv5
Published
2025-05-29 19:14
Modified
2025-05-29 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-789 - Uncontrolled Memory Allocation
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | 11.5.0 through 11.5.9; 12.1.0 through 12.1.1 |

CPEs listed in the record:
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*
- cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-2518", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-29T19:27:54.953470Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-29T19:28:16.539Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.1", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\n\u003cspan 
style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\nis vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-29T19:14:07.998Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7235072" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.5.9, and V12.1.1. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e" } ], "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.5.9, and V12.1.1. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-2518", "datePublished": "2025-05-29T19:14:07.998Z", "dateReserved": "2025-03-19T13:25:31.523Z", "dateUpdated": "2025-05-29T19:28:16.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0919 (GCVE-0-2014-0919)
Vulnerability from cvelistv5
Published
2015-05-08 01:00
Modified
2024-08-06 09:34
CWE
- n/a
Summary
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:34:39.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IT07553", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" }, { "name": "IT07554", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" }, { "name": "IT07547", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" }, { "name": "IT07552", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" }, { "name": "1032247", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032247" }, { "name": "74217", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74217" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" }, { "name": "IT07397", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IT07553", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" }, { "name": "IT07554", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" }, { "name": "IT07547", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" }, { "name": "IT07552", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" }, { "name": "1032247", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032247" }, { "name": "74217", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74217" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" }, { "name": "IT07397", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0919", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive 
information via commands associated with these facilities." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IT07553", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" }, { "name": "IT07554", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" }, { "name": "IT07547", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" }, { "name": "IT07552", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" }, { "name": "1032247", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032247" }, { "name": "74217", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74217" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" }, { "name": "IT07397", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0919", "datePublished": "2015-05-08T01:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:34:39.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3324 (GCVE-0-2012-3324)
Vulnerability from cvelistv5
Published
2012-09-25 20:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611040" }, { "name": "db2-utlfile-dir-traversal(77924)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77924" }, { "name": "IC85513", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611040" }, { "name": "db2-utlfile-dir-traversal(77924)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77924" }, { "name": "IC85513", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3324", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21611040", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611040" }, { "name": "db2-utlfile-dir-traversal(77924)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77924" }, { "name": "IC85513", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3324", "datePublished": "2012-09-25T20:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47747 (GCVE-0-2023-47747)
Vulnerability from cvelistv5
Published
2024-01-22 19:57
Modified
2025-02-13 17:18
CWE
- CWE-20 - Improper Input Validation
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:16:43.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105502" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272646" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47747", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T20:07:57.646729Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T20:13:01.280Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646." } ], "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:15.288Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105502" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272646" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-47747", "datePublished": "2024-01-22T19:57:30.941Z", "dateReserved": "2023-11-09T11:31:41.193Z", "dateUpdated": "2025-02-13T17:18:08.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0699 (GCVE-0-2008-0699)
Vulnerability from cvelistv5
Published
2008-02-12 00:00
Modified
2024-08-07 07:54
CWE
- n/a
Summary
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:22.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "name": "IZ06972", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "name": "IZ06973", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973" }, { "name": "IZ10917", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917" }, { "name": "28771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "name": "29784", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29784" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29022" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "name": "41795", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41795" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", 
"vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "name": "IZ06972", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "name": "IZ06973", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973" }, { "name": "IZ10917", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917" }, { "name": "28771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "name": "29784", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29784" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29022" }, { 
"tags": [ "x_refsource_MISC" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "name": "41795", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41795" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0699", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "name": "IZ06972", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "name": "IZ06973", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973" }, { "name": "IZ10917", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917" }, { "name": "28771", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2008/0401" }, { "name": "29784", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29784" }, { "name": "29022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29022" }, { "name": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml", "refsource": "MISC", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "name": "41795", "refsource": "OSVDB", "url": "http://osvdb.org/41795" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0699", "datePublished": "2008-02-12T00:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:22.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0211 (GCVE-0-2016-0211)
Vulnerability from cvelistv5
Published
2016-04-28 01:00
Modified
2024-08-05 22:08
CWE
- n/a
Summary
IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:08:13.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IT12488", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12488" }, { "name": "1035660", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035660" }, { "name": "IT12487", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12487" }, { "name": "IT13350", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13350" }, { "name": "85979", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/85979" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979984" }, { "name": "IT12462", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12462" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IT12488", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12488" }, { "name": "1035660", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035660" }, { "name": "IT12487", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12487" }, { "name": "IT13350", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13350" }, { "name": "85979", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/85979" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979984" }, { "name": "IT12462", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12462" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IT12488", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12488" }, { "name": "1035660", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035660" }, { "name": "IT12487", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12487" }, { "name": "IT13350", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13350" }, { "name": "85979", "refsource": "BID", "url": "http://www.securityfocus.com/bid/85979" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979984", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979984" }, { "name": "IT12462", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12462" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0211", "datePublished": "2016-04-28T01:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:08:13.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-20579 (GCVE-0-2021-20579)
Vulnerability from cvelistv5
Published
2021-06-24 18:45
Modified
2024-09-16 20:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:44.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6466369" }, { "name": "ibm-db2-cve202120579-info-disc (199283)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199283" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/PR:N/AC:H/S:U/C:H/UI:N/A:N/I:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T10:07:10", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6466369" }, { "name": "ibm-db2-cve202120579-info-disc (199283)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199283" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-23T00:00:00", "ID": "CVE-2021-20579", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain 
sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6466369", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6466369 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6466369" }, { "name": "ibm-db2-cve202120579-info-disc (199283)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199283" }, { "name": "https://security.netapp.com/advisory/ntap-20210720-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20579", "datePublished": "2021-06-24T18:45:27.721579Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T20:51:50.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1923 (GCVE-0-2018-1923)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-17 01:46
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20181923-bo(152859)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152859" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-15T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20181923-bo(152859)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152859" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-08T00:00:00", "ID": "CVE-2018-1923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. 
IBM X-Force ID: 152859." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10740413", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107398" }, { "name": "ibm-db2-cve20181923-bo(152859)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152859" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1923", "datePublished": "2019-03-11T22:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T01:46:23.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-33092 (GCVE-0-2025-33092)
Vulnerability from cvelistv5
Published
2025-07-29 18:36
Modified
2025-07-31 03:55
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 |
Version: 11.5.0 ≤ 11.5.9 Version: 12.1.0 ≤ 12.1.2 cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-33092", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-07-30T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-31T03:55:58.310Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Db2", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.2", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\nis vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:36:58.168Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7240940" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.5.9, V12.1.1 and v12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV11.5 TBD DT436195 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003eV12.1 V12.1.2 DT436195 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." } ], "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. 
These special builds are available based on the most recent affected level for each impacted release: V11.5.9, V12.1.1 and v12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\n \n\nRelease Fixed in mod pack APAR Download URL\nV11.5 TBD DT436195 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \nV12.1 V12.1.2 DT436195 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux code execution", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-33092", "datePublished": "2025-07-29T18:36:58.168Z", "dateReserved": "2025-04-15T17:50:31.398Z", "dateUpdated": "2025-07-31T03:55:58.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4033 (GCVE-0-2013-4033)
Vulnerability from cvelistv5
Published
2013-08-28 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.843Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-explain-cve20134033-priv-esc(86093)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86093" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646809" }, { "name": "IC94523", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523" }, { "name": "IC94756", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94756" }, { "name": "IC94758", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94758" }, { "name": "IC94757", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "db2-explain-cve20134033-priv-esc(86093)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86093" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646809" }, { "name": "IC94523", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523" }, { "name": "IC94756", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94756" }, { "name": "IC94758", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94758" }, { "name": "IC94757", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94757" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4033", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-explain-cve20134033-priv-esc(86093)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86093" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21646809", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646809" }, { "name": "IC94523", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523" }, { "name": "IC94756", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94756" }, { "name": "IC94758", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94758" }, { "name": "IC94757", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94757" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4033", "datePublished": "2013-08-28T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3959 (GCVE-0-2008-3959)
Vulnerability from cvelistv5
Published
2008-09-09 14:00
Modified
2024-08-07 10:00
CWE
- n/a
Summary
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:00:42.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-db2-connect-attach-dos2(45134)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45134" }, { "name": "IZ05043", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29022" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ibm-db2-connect-attach-dos2(45134)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45134" }, { "name": "IZ05043", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29022" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3959", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-db2-connect-attach-dos2(45134)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45134" }, { "name": "IZ05043", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043" }, { "name": "29022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29022" }, { "name": "http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml", "refsource": "MISC", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3959", "datePublished": "2008-09-09T14:00:00", "dateReserved": "2008-09-09T00:00:00", "dateUpdated": "2024-08-07T10:00:42.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0757 (GCVE-0-2011-0757)
Vulnerability from cvelistv5
Published
2011-02-02 22:00
Modified
2024-08-06 22:05
CWE
- n/a
Summary
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66815" }, { "name": "IC66814", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66814" }, { "name": "43148", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43148" }, { "name": "IC66815", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66815" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66814" }, { "name": "70773", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70773" }, { "name": "oval:org.mitre.oval:def:14295", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66811" }, { "name": "ibm-db2-dbadm-priv-esc(65008)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008" }, { "name": "46064", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46064" }, { "name": "IC66811", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66811" } ], "title": "CVE 
Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66815" }, { "name": "IC66814", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66814" }, { "name": "43148", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43148" }, { "name": "IC66815", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66815" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66814" }, { "name": "70773", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70773" }, { "name": "oval:org.mitre.oval:def:14295", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66811" }, { "name": "ibm-db2-dbadm-priv-esc(65008)", "tags": [ "vdb-entry", 
"x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008" }, { "name": "46064", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46064" }, { "name": "IC66811", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66811" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66815", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66815" }, { "name": "IC66814", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66814" }, { "name": "43148", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43148" }, { "name": "IC66815", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66815" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21426108", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66814", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66814" }, { "name": "70773", "refsource": "OSVDB", "url": "http://osvdb.org/70773" }, { "name": "oval:org.mitre.oval:def:14295", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295" }, { "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66811", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66811" }, { "name": "ibm-db2-dbadm-priv-esc(65008)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008" }, { "name": "46064", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46064" }, { "name": "IC66811", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66811" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0757", "datePublished": "2011-02-02T22:00:00", "dateReserved": 
"2011-02-02T00:00:00", "dateUpdated": "2024-08-06T22:05:53.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4869 (GCVE-0-2005-4869)
Vulnerability from cvelistv5
Published
2007-10-06 21:00
Modified
2024-08-08 00:01
CWE
- n/a
Summary
The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11400", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11400" }, { "name": "IY61781", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nextgenss.com/advisories/db205012005G.txt" }, { "name": "20050105 IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110495483501494\u0026w=2" }, { "name": "db2-dts-string-conversion(17614)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17614" }, { "name": "12733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12733/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11400", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11400" }, { "name": "IY61781", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nextgenss.com/advisories/db205012005G.txt" }, { "name": "20050105 IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110495483501494\u0026w=2" }, { "name": "db2-dts-string-conversion(17614)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17614" }, { "name": "12733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12733/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11400" }, { "name": "IY61781", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781" }, { "name": "http://www.nextgenss.com/advisories/db205012005G.txt", "refsource": "MISC", "url": "http://www.nextgenss.com/advisories/db205012005G.txt" }, { "name": "20050105 IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110495483501494\u0026w=2" }, { "name": "db2-dts-string-conversion(17614)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17614" }, { "name": "12733", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12733/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4869", "datePublished": "2007-10-06T21:00:00", "dateReserved": "2007-10-06T00:00:00", "dateUpdated": "2024-08-08T00:01:23.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1427 (GCVE-0-2018-1427)
Vulnerability from cvelistv5
Published
2018-03-22 12:00
Modified
2024-09-16 17:43
CWE
- Denial of Service
Summary
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | Version: 10.5; Version: 10.1; Version: 9.7; Version: 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.085Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "name": "103536", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103536" }, { "name": "1041012", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-08T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "name": "103536", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103536" }, { "name": "1041012", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-15T00:00:00", "ID": "CVE-2018-1427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139072", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139072" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22013756", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "name": "103536", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103536" }, { "name": "1041012", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041012" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1427", "datePublished": "2018-03-22T12:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T17:43:56.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3472 (GCVE-0-2009-3472)
Vulnerability from cvelistv5
Published
2009-09-29 21:00
Modified
2024-08-07 06:31
CWE
- n/a
Summary
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IZ50078", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50078" }, { "name": "36540", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36540" }, { "name": "36890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36890" }, { "name": "IZ50074", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50074" }, { "name": "IZ50079", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50079" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "name": "58478", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/58478" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-10-14T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IZ50078", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50078" }, { "name": "36540", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36540" }, { "name": "36890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36890" }, { "name": "IZ50074", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50074" }, { "name": "IZ50079", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50079" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "name": "58478", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/58478" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IZ50078", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50078" }, { "name": "36540", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36540" }, { "name": "36890", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36890" }, { "name": "IZ50074", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50074" }, { "name": "IZ50079", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50079" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "name": "58478", "refsource": "OSVDB", "url": "http://osvdb.org/58478" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3472", "datePublished": "2009-09-29T21:00:00", "dateReserved": "2009-09-29T00:00:00", "dateUpdated": "2024-08-07T06:31:10.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3474 (GCVE-0-2010-3474)
Vulnerability from cvelistv5
Published
2010-09-20 21:00
Modified
2024-08-07 03:11
CWE
- n/a
Summary
IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:11:44.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43291", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43291" }, { "name": "oval:org.mitre.oval:def:14669", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669" }, { "name": "ibm-db2-public-security-bypass(61872)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872" }, { "name": "IC68015", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015" }, { "name": "ADV-2010-2425", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "name": "1024457", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024457" }, { "name": "41444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41444" }, { "name": "68121", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/68121" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions\u0027 owners, which allows remote authenticated users to 
bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "43291", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43291" }, { "name": "oval:org.mitre.oval:def:14669", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669" }, { "name": "ibm-db2-public-security-bypass(61872)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872" }, { "name": "IC68015", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015" }, { "name": "ADV-2010-2425", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "name": "1024457", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024457" }, { "name": "41444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41444" }, { "name": "68121", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/68121" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions\u0027 owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "43291", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43291" }, { "name": "oval:org.mitre.oval:def:14669", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669" }, { "name": "ibm-db2-public-security-bypass(61872)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872" }, { "name": "IC68015", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015" }, { "name": "ADV-2010-2425", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "name": "1024457", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024457" }, { "name": "41444", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41444" }, { "name": "68121", "refsource": "OSVDB", "url": "http://osvdb.org/68121" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21446455", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3474", "datePublished": "2010-09-20T21:00:00", "dateReserved": "2010-09-20T00:00:00", "dateUpdated": "2024-08-07T03:11:44.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5652 (GCVE-0-2007-5652)
Vulnerability from cvelistv5
Published
2007-10-23 21:00
Modified
2024-08-07 15:39
CWE
- n/a
Summary
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:39:13.726Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "name": "ADV-2007-3538", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3538" }, { "name": "ADV-2007-3867", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3867" }, { "name": "26450", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26450" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?rs=71\u0026uid=swg21283031" }, { "name": "LI72519", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1LI72519" }, { "name": "27177", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27177" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-11-28T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "name": "ADV-2007-3538", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3538" }, { "name": "ADV-2007-3867", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3867" }, { "name": "26450", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26450" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-1.ibm.com/support/docview.wss?rs=71\u0026uid=swg21283031" }, { "name": "LI72519", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1LI72519" }, { "name": "27177", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27177" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5652", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "name": "ADV-2007-3538", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3538" }, { "name": "ADV-2007-3867", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3867" }, { "name": "26450", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26450" }, { "name": "http://www-1.ibm.com/support/docview.wss?rs=71\u0026uid=swg21283031", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?rs=71\u0026uid=swg21283031" }, { "name": "LI72519", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1LI72519" }, { "name": "27177", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27177" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5652", "datePublished": "2007-10-23T21:00:00", "dateReserved": "2007-10-23T00:00:00", "dateUpdated": "2024-08-07T15:39:13.726Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1685 (GCVE-0-2018-1685)
Vulnerability from cvelistv5
Published
2018-09-21 13:00
Modified
2024-08-05 04:07
CWE
- n/a
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041671", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041671" }, { "name": "105395", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105395" }, { "name": "ibm-db2-cve20181685-info-disc(145502)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145502" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729979" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-27T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1041671", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041671" }, { "name": "105395", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105395" }, { "name": "ibm-db2-cve20181685-info-disc(145502)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145502" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729979" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2018-1685", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1041671", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041671" }, { "name": "105395", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105395" }, { "name": "ibm-db2-cve20181685-info-disc(145502)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145502" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729979", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729979" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1685", "datePublished": "2018-09-21T13:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-08-05T04:07:44.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4150 (GCVE-0-2009-4150)
Vulnerability from cvelistv5
Published
2009-12-02 11:00
Modified
2024-09-16 23:35
CWE
- n/a
Summary
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:09.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IZ40343", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343" }, { "name": "IC64759", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759" }, { "name": "36890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "name": "1023242", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023242" }, { "name": "IZ40340", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340" }, { "name": "ADV-2009-3340", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3340" }, { "name": "37454", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37454" }, { "name": "IZ40352", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which 
has unspecified impact and local attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-02T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IZ40343", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343" }, { "name": "IC64759", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759" }, { "name": "36890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "name": "1023242", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023242" }, { "name": "IZ40340", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340" }, { "name": "ADV-2009-3340", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3340" }, { "name": "37454", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37454" }, { "name": "IZ40352", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4150", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IZ40343", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343" }, { "name": "IC64759", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759" }, { "name": "36890", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36890" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "name": "1023242", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023242" }, { "name": "IZ40340", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340" }, { "name": "ADV-2009-3340", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3340" }, { "name": "37454", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37454" }, { "name": "IZ40352", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4150", "datePublished": "2009-12-02T11:00:00Z", "dateReserved": "2009-12-02T00:00:00Z", "dateUpdated": "2024-09-16T23:35:40.423Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1883 (GCVE-0-2015-1883)
Vulnerability from cvelistv5
Published
2015-07-20 01:00
Modified
2024-08-06 04:54
CWE
- n/a
Summary
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698308" }, { "name": "75946", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75946" }, { "name": "IT08085", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085" }, { "name": "IT08080", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080" }, { "name": "IT08086", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086" }, { "name": "1032881", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032881" }, { "name": "IT08075", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-21T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698308" }, { "name": "75946", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75946" }, { "name": "IT08085", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085" }, { "name": "IT08080", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080" }, { "name": "IT08086", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086" }, { "name": "1032881", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032881" }, { "name": "IT08075", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1883", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698308", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698308" }, { "name": "75946", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75946" }, { "name": "IT08085", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085" }, { "name": "IT08080", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080" }, { "name": "IT08086", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086" }, { "name": "1032881", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032881" }, { "name": "IT08075", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1883", "datePublished": "2015-07-20T01:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T04:54:16.423Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27555 (GCVE-0-2023-27555)
Vulnerability from cvelistv5
Published
2023-04-28 17:38
Modified
2025-02-13 16:45
Severity
5.1 MEDIUM (CVSS 3.1, CNA score: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:35.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985683" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249187" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27555", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T20:04:42.614271Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T20:04:50.377Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T14:06:20.854Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985683" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249187" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27555", "datePublished": "2023-04-28T17:38:59.623Z", "dateReserved": "2023-03-02T20:39:33.983Z", "dateUpdated": "2025-02-13T16:45:26.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29678 (GCVE-0-2021-29678)
Vulnerability from cvelistv5
Published
2021-12-09 17:00
Modified
2024-09-16 17:33
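Severity
8.7 HIGH base, 7.6 HIGH temporal (CVSS 3.0, CNA score: CVSS:3.0/C:H/PR:H/S:C/AV:N/I:H/AC:L/UI:N/A:N/RC:C/E:U/RL:O)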
CWE
- Gain Access
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:06.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6523806" }, { "name": "ibm-db2-cve202129678-access-control (199914)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199914" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 7.6, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/PR:H/S:C/AV:N/I:H/AC:L/UI:N/A:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-14T06:06:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6523806" }, { "name": "ibm-db2-cve202129678-access-control (199914)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199914" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-12-08T00:00:00", "ID": "CVE-2021-29678", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify 
files. IBM X-Force ID: 199914." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "H", "S": "C", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6523806", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6523806 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6523806" }, { "name": "ibm-db2-cve202129678-access-control (199914)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199914" }, { "name": "https://security.netapp.com/advisory/ntap-20220114-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29678", "datePublished": "2021-12-09T17:00:26.346961Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T17:33:35.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-29256 (GCVE-0-2023-29256)
Vulnerability from cvelistv5
Published
2023-07-09 23:27
Modified
2025-02-13 16:49
Severity
5.3 MEDIUM (CVSS 3.1, CNA score: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CWE
- CWE-284 - Improper Access Control
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | 10.5, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:16.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010573" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252046" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29256", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T18:46:55.550527Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T18:47:11.877Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "284 Improper Access Control", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:42.400Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010573" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252046" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-29256", "datePublished": "2023-07-09T23:27:56.560Z", "dateReserved": "2023-04-04T18:45:55.861Z", "dateUpdated": "2025-02-13T16:49:04.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2180 (GCVE-0-2012-2180)
Vulnerability from cvelistv5
Published
2012-06-20 10:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.491Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-drdaconnection-dos(75418)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418" }, { "name": "IC82234", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090" }, { "name": "53873", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53873" }, { "name": "IC82367", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-02T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "db2-drdaconnection-dos(75418)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418" }, { "name": "IC82234", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090" }, { "name": "53873", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53873" }, { "name": "IC82367", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2180", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-drdaconnection-dos(75418)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418" }, { "name": "IC82234", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21597090", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090" }, { "name": "53873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53873" }, { "name": "IC82367", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2180", "datePublished": "2012-06-20T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.491Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4414 (GCVE-0-2020-4414)
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-16 23:21
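Severity
5.1 MEDIUM base, 4.5 MEDIUM temporal (CVSS 3.0, CNA score: CVSS:3.0/AC:L/A:L/PR:N/UI:N/C:L/S:U/AV:L/I:N/E:U/RC:C/RL:O)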
CWE
- Obtain Information
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989.
References
Impacted products
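Vendor | Product | Version
---|---|---
IBM | DB2 for Linux- UNIX and Windows | 10.1, 10.5, 11.1, 11.5, 9.1

Note: the record's affected-version list gives 9.1, while the summary above names 9.7, 10.1, 10.5, 11.1, and 11.5. Confirm the affected releases against the IBM bulletin referenced in the record (https://www.ibm.com/support/pages/node/6242356) before scoping 9.1 or 9.7 in or out.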
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6242356" }, { "name": "ibm-db2-cve20204414-info-disc (179989)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" }, { "status": "affected", "version": "9.1" } ] } ], "datePublic": "2020-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/A:L/PR:N/UI:N/C:L/S:U/AV:L/I:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T14:25:33", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6242356" }, { "name": "ibm-db2-cve20204414-info-disc (179989)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-30T00:00:00", "ID": "CVE-2020-4414", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" }, { "version_value": "9.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "L", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6242356", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6242356 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6242356" }, { "name": "ibm-db2-cve20204414-info-disc (179989)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4414", "datePublished": "2020-07-01T14:25:33.201603Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T23:21:53.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27559 (GCVE-0-2023-27559)
Vulnerability from cvelistv5
Published
2023-04-26 19:02
Modified
2024-11-21 18:43
Severity
5.3 MEDIUM (CVSS 3.1, CNA score: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | 10.5, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:35.843Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985667" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249196" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27559", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-02T17:00:02.435266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-21T18:43:08.350Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T03:15:47.214085Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985667" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249196" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27559", "datePublished": "2023-04-26T19:02:45.540Z", "dateReserved": "2023-03-02T20:39:33.984Z", "dateUpdated": "2024-11-21T18:43:08.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1228 (GCVE-0-2007-1228)
Vulnerability from cvelistv5
Published
2007-03-02 22:00
Modified
2024-08-07 12:50
CWE
- n/a
Summary
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:34.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IY87492", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY87492" }, { "name": "24387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24387" }, { "name": "IY86711", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711" }, { "name": "1017731", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017731" }, { "name": "22729", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22729" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the \"fenced\" user to access certain unauthorized directories." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-03-14T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IY87492", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY87492" }, { "name": "24387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24387" }, { "name": "IY86711", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711" }, { "name": "1017731", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017731" }, { "name": "22729", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22729" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1228", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the \"fenced\" user to access certain unauthorized directories." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IY87492", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY87492" }, { "name": "24387", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24387" }, { "name": "IY86711", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711" }, { "name": "1017731", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017731" }, { "name": "22729", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22729" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1228", "datePublished": "2007-03-02T22:00:00", "dateReserved": "2007-03-02T00:00:00", "dateUpdated": "2024-08-07T12:50:34.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27867 (GCVE-0-2023-27867)
Vulnerability from cvelistv5
Published
2023-07-08 18:43
Modified
2025-02-13 16:45
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | Version: 10.5, 11.1 ,11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:29.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249514" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27867", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T19:13:26.572813Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T19:15:12.031Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514." } ], "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. 
By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-03T14:06:16.783Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249514" }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 code execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27867", "datePublished": "2023-07-08T18:43:58.232Z", "dateReserved": "2023-03-06T20:01:41.708Z", "dateUpdated": "2025-02-13T16:45:35.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43930 (GCVE-0-2022-43930)
Vulnerability from cvelistv5
Published
2023-02-17 17:04
Modified
2025-03-12 20:06
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.729Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6953755" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241677" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43930", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-12T20:06:52.110581Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-12T20:06:59.641Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677." } ], "value": "IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-17T17:04:18.736Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6953755" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241677" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43930", "datePublished": "2023-02-17T17:04:18.736Z", "dateReserved": "2022-10-26T15:46:22.850Z", "dateUpdated": "2025-03-12T20:06:59.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1487 (GCVE-0-2018-1487)
Vulnerability from cvelistv5
Published
2018-07-10 16:00
Modified
2024-09-17 03:59
CWE
- Gain Privileges (free-text problem type; the record assigns no CWE ID)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | Version: 10.5; Version: 10.1; Version: 9.7; Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041231", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041231" }, { "name": "ibm-db2-cve20181487-priv-escalation(140972)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140972" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016505" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-11T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1041231", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041231" }, { "name": "ibm-db2-cve20181487-priv-escalation(140972)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140972" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016505" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-09T00:00:00", "ID": "CVE-2018-1487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users 
full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "1041231", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041231" }, { "name": "ibm-db2-cve20181487-priv-escalation(140972)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140972" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016505", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016505" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1487", "datePublished": "2018-07-10T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:59:28.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0709 (GCVE-0-2012-0709)
Vulnerability from cvelistv5
Published
2012-03-20 20:00
Modified
2024-08-06 18:30
CWE
- n/a
Summary
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:30:54.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC81387", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387" }, { "name": "IC81390", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588100" }, { "name": "IC81836", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836" }, { "name": "db2-createvariable-security-bypass(73493)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73493" }, { "name": "oval:org.mitre.oval:def:15004", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IC81387", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387" }, { "name": "IC81390", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588100" }, { "name": "IC81836", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836" }, { "name": "db2-createvariable-security-bypass(73493)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73493" }, { "name": "oval:org.mitre.oval:def:15004", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0709", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC81387", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387" }, { "name": "IC81390", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21588100", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588100" }, { "name": "IC81836", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836" }, { "name": "db2-createvariable-security-bypass(73493)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73493" }, { "name": "oval:org.mitre.oval:def:15004", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0709", "datePublished": "2012-03-20T20:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:30:54.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45178 (GCVE-0-2023-45178)
Vulnerability from cvelistv5
Published
2023-12-03 17:29
Modified
2025-02-13 17:13
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7087207" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268073" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240112-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T14:06:16.333Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7087207" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268073" }, { "url": "https://security.netapp.com/advisory/ntap-20240112-0004/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45178", "datePublished": "2023-12-03T17:29:29.053Z", "dateReserved": "2023-10-05T01:38:58.206Z", "dateUpdated": "2025-02-13T17:13:51.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1434 (GCVE-0-2017-1434)
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-09-16 18:03
CWE
- Obtain Information (free-text problem type; the record assigns no CWE ID)
Summary
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:30.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1039297", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039297" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005740" }, { "name": "100693", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2017-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1039297", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039297" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005740" }, { "name": "100693", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100693" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-07T00:00:00", "ID": "CVE-2017-1434", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "1039297", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039297" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22005740", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22005740" }, { "name": "100693", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100693" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1434", "datePublished": "2017-09-12T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T18:03:53.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2858 (GCVE-0-2009-2858)
Vulnerability from cvelistv5
Published
2009-08-19 17:00
Modified
2024-09-16 17:22
CWE
- n/a
Summary
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:07:36.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36313" }, { "name": "IZ35635", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35635" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-19T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36313" }, { "name": "IZ35635", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35635" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36313" }, { "name": "IZ35635", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35635" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2858", "datePublished": "2009-08-19T17:00:00Z", "dateReserved": "2009-08-19T00:00:00Z", "dateUpdated": "2024-09-16T17:22:46.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1977 (GCVE-0-2018-1977)
Vulnerability from cvelistv5
Published
2018-12-14 15:30
Modified
2024-09-17 00:11
CWE
- Denial of Service (free-text problem type; the record assigns no CWE ID)
Summary
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.491Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106222", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106222" }, { "name": "ibm-db2-cve20181977-dos(154032)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154032" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10788089" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:N/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-18T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "106222", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106222" }, { "name": "ibm-db2-cve20181977-dos(154032)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154032" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10788089" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-12-12T00:00:00", "ID": "CVE-2018-1977", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "106222", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106222" }, { "name": "ibm-db2-cve20181977-dos(154032)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154032" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10788089", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10788089" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1977", "datePublished": "2018-12-14T15:30:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T00:11:53.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29777 (GCVE-0-2021-29777)
Vulnerability from cvelistv5
Published
2021-06-24 18:45
Modified
2024-09-16 20:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6466373" }, { "name": "ibm-db2-cve202129777-dos (203031)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203031" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/A:H/I:N/AV:N/PR:L/AC:H/S:U/C:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T10:07:12", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6466373" }, { "name": "ibm-db2-cve202129777-dos (203031)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203031" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-23T00:00:00", "ID": "CVE-2021-29777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in 
another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6466373", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6466373 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6466373" }, { "name": "ibm-db2-cve202129777-dos (203031)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203031" }, { "name": "https://security.netapp.com/advisory/ntap-20210720-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29777", "datePublished": "2021-06-24T18:45:30.905849Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T20:58:36.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1571 (GCVE-0-2017-1571)
Vulnerability from cvelistv5
Published
2018-03-22 12:00
Modified
2024-09-17 02:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:30.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103494", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103494" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012948" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:N/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-27T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "103494", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103494" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012948" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-14T00:00:00", "ID": "CVE-2017-1571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "103494", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103494" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012948", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012948" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1571", "datePublished": "2018-03-22T12:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T02:16:22.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1906 (GCVE-0-2009-1906)
Vulnerability from cvelistv5
Published
2009-06-03 20:35
Modified
2024-09-16 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35171", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35171" }, { "name": "IZ36683", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ38874", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874" }, { "name": "35235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35235" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-06-03T20:35:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35171", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35171" }, { "name": "IZ36683", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ38874", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874" }, { "name": "35235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35235" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1906", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35171", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35171" }, { "name": "IZ36683", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ38874", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874" }, { "name": "35235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35235" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1906", "datePublished": "2009-06-03T20:35:00Z", "dateReserved": "2009-06-03T00:00:00Z", "dateUpdated": "2024-09-16T16:53:25.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4701 (GCVE-0-2020-4701)
Vulnerability from cvelistv5
Published
2020-11-19 15:15
Modified
2024-09-16 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6370025" }, { "name": "ibm-db2-cve20204701-bo (187078)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187078" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-11-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/PR:N/AC:L/I:H/A:H/S:U/AV:L/C:H/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-19T15:15:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6370025" }, { "name": "ibm-db2-cve20204701-bo (187078)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187078" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-11-18T00:00:00", "ID": "CVE-2020-4701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6370025", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6370025 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6370025" }, { "name": "ibm-db2-cve20204701-bo (187078)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187078" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4701", "datePublished": "2020-11-19T15:15:18.821399Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:10:34.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3740 (GCVE-0-2010-3740)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:53.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IC66613", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613" }, { "name": "oval:org.mitre.oval:def:13811", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IC66613", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613" }, { "name": "oval:org.mitre.oval:def:13811", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3740", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IC66613", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613" }, { "name": "oval:org.mitre.oval:def:13811", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3740", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:53.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1239 (GCVE-0-2009-1239)
Vulnerability from cvelistv5
Published
2009-04-03 18:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-predicate-information-disclosure(49864)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864" }, { "name": "JR31886", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257" }, { "name": "ADV-2009-0912", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0912" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "db2-predicate-information-disclosure(49864)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864" }, { "name": "JR31886", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257" }, { "name": "ADV-2009-0912", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0912" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1239", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-predicate-information-disclosure(49864)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864" }, { "name": "JR31886", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257" }, { "name": "ADV-2009-0912", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0912" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1239", "datePublished": "2009-04-03T18:00:00", "dateReserved": "2009-04-03T00:00:00", "dateUpdated": "2024-08-07T05:04:49.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-2533 (GCVE-0-2025-2533)
Vulnerability from cvelistv5
Published
2025-07-29 17:43
Modified
2025-07-29 18:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-789 - Uncontrolled Memory Allocation
Summary
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-2533", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T18:34:53.613096Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:35:04.768Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Db2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "12.1.0" }, { "status": "affected", "version": "12.1.1" }, { "status": "affected", "version": "12.1.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." } ], "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:13:40.587Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7240947" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003eRelease Fixed V12.1 V12.1.2 DT425951 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e12.1.2 Latest:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e" } ], "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\nRelease Fixed V12.1 V12.1.2 DT425951 \nSpecial Build #62100 or later for V12.1.1 available at this link:\u00a0 https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n12.1.2 Latest:\u00a0 https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-2533", "datePublished": "2025-07-29T17:43:32.515Z", "dateReserved": "2025-03-19T15:25:50.293Z", "dateUpdated": "2025-07-29T18:35:04.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1998 (GCVE-0-2008-1998)
Vulnerability from cvelistv5
Published
2008-04-28 18:21
Modified
2024-08-07 08:41
CWE
- n/a
Summary
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IZ06976", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976" }, { "name": "IZ10776", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776" }, { "name": "IZ06977", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml" }, { "name": "3840", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3840" }, { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491073/100/0/threaded" }, { "name": "29784", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29784" }, { "name": "28836", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28836" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29022" }, { "name": "ibm-db2-nnstat-file-overwrite(41960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41960" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-18T00:00:00", 
"descriptions": [ { "lang": "en", "value": "The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IZ06976", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976" }, { "name": "IZ10776", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776" }, { "name": "IZ06977", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml" }, { "name": "3840", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3840" }, { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/491073/100/0/threaded" }, { "name": "29784", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29784" }, { "name": "28836", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28836" }, { "name": "29022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29022" }, { "name": "ibm-db2-nnstat-file-overwrite(41960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41960" } ], "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IZ06976", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976" }, { "name": "IZ10776", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776" }, { "name": "IZ06977", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977" }, { "name": "http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml", "refsource": "MISC", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml" }, { "name": "3840", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3840" }, { "name": "20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491073/100/0/threaded" }, { "name": "29784", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29784" }, { "name": "28836", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28836" }, { "name": "29022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29022" }, { "name": "ibm-db2-nnstat-file-overwrite(41960)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41960" } ] } } } 
}, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1998", "datePublished": "2008-04-28T18:21:00", "dateReserved": "2008-04-28T00:00:00", "dateUpdated": "2024-08-07T08:41:00.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3738 (GCVE-0-2010-3738)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
CWE
- n/a
Summary
The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:53.092Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC65184", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184" }, { "name": "oval:org.mitre.oval:def:14488", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IC65184", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184" }, { "name": "oval:org.mitre.oval:def:14488", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3738", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC65184", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184" }, { "name": "oval:org.mitre.oval:def:14488", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3738", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:53.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-52296 (GCVE-0-2023-52296)
Vulnerability from cvelistv5
Published
2024-04-03 12:30
Modified
2025-02-13 17:20
CWE
- CWE-20 - Improper Input Validation
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Db2 for Linux, UNIX and Windows | Version: 11.5 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52296", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:47:37.149671Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:23:56.548Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7145722" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/278547" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547." } ], "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:13:46.588Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7145722" }, { "tags": [ "vdb-entry" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/278547" }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-52296", "datePublished": "2024-04-03T12:30:40.180Z", "dateReserved": "2023-12-31T13:41:10.204Z", "dateUpdated": "2025-02-13T17:20:02.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22360 (GCVE-0-2024-22360)
Vulnerability from cvelistv5
Published
2024-04-03 12:32
Modified
2025-02-27 20:10
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Db2 for Linux, UNIX and Windows | Version: 11.5 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22360", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-27T20:09:53.936535Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-27T20:10:04.609Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:43:34.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7145730" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/280905" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:13:44.808Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7145730" }, { "tags": [ "vdb-entry" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/280905" }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-22360", "datePublished": "2024-04-03T12:32:21.341Z", "dateReserved": "2024-01-08T23:42:36.759Z", "dateUpdated": "2025-02-27T20:10:04.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4363 (GCVE-0-2020-4363)
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-17 02:11
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | DB2 for Linux- UNIX and Windows | Version: 9.7, 10.1, 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6242332" }, { "name": "ibm-db2-cve20204363-bo (178960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:H/AV:L/S:U/C:H/UI:N/PR:N/A:H/AC:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T14:25:31", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6242332" }, { "name": "ibm-db2-cve20204363-bo (178960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-30T00:00:00", "ID": "CVE-2020-4363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6242332", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6242332 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6242332" }, { "name": "ibm-db2-cve20204363-bo (178960)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4363", "datePublished": "2020-07-01T14:25:31.439469Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:11:32.782Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1088 (GCVE-0-2007-1088)
Vulnerability from cvelistv5
Published
2007-02-23 22:00
Modified
2024-08-07 12:43
CWE
- n/a
Summary
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070818 Recent DB2 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "name": "IY94833", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "name": "db2-variable-bo(32652)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32652" }, { "name": "40971", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40971" }, { "name": "20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "name": "22677", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22677" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070818 Recent DB2 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "name": "IY94833", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "name": "db2-variable-bo(32652)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32652" }, { "name": "40971", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40971" }, { "name": "20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "name": "22677", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22677" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1088", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070818 Recent DB2 Vulnerabilities", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "name": "IY94833", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "name": "db2-variable-bo(32652)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32652" }, { "name": "40971", "refsource": "OSVDB", "url": "http://osvdb.org/40971" }, { "name": "20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "name": "22677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22677" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1088", "datePublished": "2007-02-23T22:00:00", "dateReserved": "2007-02-23T00:00:00", "dateUpdated": "2024-08-07T12:43:22.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40374 (GCVE-0-2023-40374)
Vulnerability from cvelistv5
Published
2023-10-16 22:47
Modified
2025-02-13 17:07
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.741Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047261" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:07:01.160Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047261" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-40374", "datePublished": "2023-10-16T22:47:19.415Z", "dateReserved": "2023-08-14T20:12:05.636Z", "dateUpdated": "2025-02-13T17:07:46.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-41762 (GCVE-0-2024-41762)
Vulnerability from cvelistv5
Published
2024-12-07 13:30
Modified
2024-12-09 18:02
CWE
- CWE-789 - Uncontrolled Memory Allocation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-41762", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T17:37:08.932114Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-09T18:02:07.852Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-07T13:30:48.904Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/7175946" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-41762", "datePublished": "2024-12-07T13:30:48.904Z", "dateReserved": "2024-07-22T12:02:49.316Z", "dateUpdated": "2024-12-09T18:02:07.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1834 (GCVE-0-2018-1834)
Vulnerability from cvelistv5
Published
2018-11-09 00:00
Modified
2024-09-17 01:01
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105885", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105885" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042086" }, { "name": "ibm-db2-cve20181834-priv-escalation(150511)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150511" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-16T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "105885", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105885" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042086" }, { "name": "ibm-db2-cve20181834-priv-escalation(150511)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150511" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-05T00:00:00", "ID": "CVE-2018-1834", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "105885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105885" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733939", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "name": "1042086", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042086" }, { "name": "ibm-db2-cve20181834-priv-escalation(150511)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150511" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1834", "datePublished": "2018-11-09T00:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T01:01:02.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-5024 (GCVE-0-2020-5024)
Vulnerability from cvelistv5
Published
2021-03-11 15:30
Modified
2024-09-16 22:40
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the SSL handshake response. IBM X-Force ID: 193660.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:22:08.743Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6427861" }, { "name": "ibm-db2-cve20205024-dos (193660)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193660" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/PR:N/AV:N/UI:N/I:N/S:U/C:N/A:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-09T08:06:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6427861" }, { "name": "ibm-db2-cve20205024-dos (193660)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193660" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-03-10T00:00:00", "ID": "CVE-2020-5024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the 
SSL handshake response. IBM X-Force ID: 193660." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6427861", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6427861 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6427861" }, { "name": "ibm-db2-cve20205024-dos (193660)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193660" }, { "name": "https://security.netapp.com/advisory/ntap-20210409-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-5024", "datePublished": "2021-03-11T15:30:25.884734Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:40:07.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45193 (GCVE-0-2023-45193)
Vulnerability from cvelistv5
Published
2024-01-22 19:02
Modified
2025-02-13 17:13
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105501" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268759" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45193", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-23T15:49:12.345235Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T19:42:14.307Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:23.194Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105501" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268759" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45193", "datePublished": "2024-01-22T19:02:09.851Z", "dateReserved": "2023-10-05T01:39:10.398Z", "dateUpdated": "2025-02-13T17:13:51.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-29267 (GCVE-0-2023-29267)
Vulnerability from cvelistv5
Published
2024-06-12 18:24
Modified
2024-08-28 15:02
CWE
- CWE-399 - Resource Management Errors
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-29267", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-28T20:10:38.896084Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-28T20:10:46.415Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-28T15:02:43.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7156851" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287612" }, { "url": "https://security.netapp.com/advisory/ntap-20240828-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 
Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399 Resource Management Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T18:26:56.026Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7156851" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287612" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-29267", "datePublished": "2024-06-12T18:24:20.764Z", "dateReserved": "2023-04-04T18:46:07.428Z", "dateUpdated": "2024-08-28T15:02:43.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4335 (GCVE-0-2009-4335)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-08-07 07:01
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC62625", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62625" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "ibm-db2-spatial-unspecified(55007)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55007" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to \"remote exploits.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC62625", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62625" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "ibm-db2-spatial-unspecified(55007)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55007" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4335", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to \"remote exploits.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC62625", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62625" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "ibm-db2-spatial-unspecified(55007)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55007" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4335", "datePublished": "2009-12-16T18:00:00", "dateReserved": "2009-12-16T00:00:00", "dateUpdated": "2024-08-07T07:01:19.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4328 (GCVE-0-2009-4328)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-16 18:43
CWE
- n/a
Summary
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC64298", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64298" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IC64298", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64298" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC64298", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64298" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4328", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-16T18:43:48.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1922 (GCVE-0-2015-1922)
Vulnerability from cvelistv5
Published
2015-07-20 01:00
Modified
2024-08-06 05:02
CWE
- n/a
Summary
The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:02:41.836Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959650" }, { "name": "75911", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75911" }, { "name": "IT08524", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524" }, { "name": "IT08523", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523" }, { "name": "1032879", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032879" }, { "name": "IT08525", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525" }, { "name": "IT08526", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959650" }, { "name": "75911", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75911" }, { "name": "IT08524", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524" }, { "name": "IT08523", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523" }, { "name": "1032879", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032879" }, { "name": "IT08525", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525" }, { "name": "IT08526", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1922", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959650", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959650" }, { "name": "75911", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75911" }, { "name": "IT08524", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524" }, { "name": "IT08523", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523" }, { "name": "1032879", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032879" }, { "name": "IT08525", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525" }, { "name": "IT08526", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1922", "datePublished": "2015-07-20T01:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:41.836Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-5025 (GCVE-0-2020-5025)
Vulnerability from cvelistv5
Published
2021-03-11 15:30
Modified
2024-09-16 20:52
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:22:09.085Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6427855" }, { "name": "ibm-db2-cve20205025-bo (193661)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193661" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AV:L/AC:L/UI:N/S:U/I:H/A:H/C:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-09T08:06:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6427855" }, { "name": "ibm-db2-cve20205025-bo (193661)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193661" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-03-10T00:00:00", "ID": "CVE-2020-5025", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow 
a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6427855", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6427855 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6427855" }, { "name": "ibm-db2-cve20205025-bo (193661)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193661" }, { "name": "https://security.netapp.com/advisory/ntap-20210409-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-5025", "datePublished": "2021-03-11T15:30:26.575191Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:52:16.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3197 (GCVE-0-2010-3197)
Vulnerability from cvelistv5
Published
2010-08-31 21:00
Modified
2024-08-07 03:03
CWE
- n/a
Summary
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.737Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14430", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430" }, { "name": "IC67819", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14430", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430" }, { "name": "IC67819", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3197", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14430", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430" }, { "name": "IC67819", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3197", "datePublished": "2010-08-31T21:00:00", "dateReserved": "2010-08-31T00:00:00", "dateUpdated": "2024-08-07T03:03:18.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4135 (GCVE-0-2020-4135)
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 18:28
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:52:20.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/2876307" }, { "name": "ibm-db2-cve20204135-dos (173806)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/PR:N/AC:L/C:N/S:U/UI:N/AV:N/I:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T11:06:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/2876307" }, { "name": "ibm-db2-cve20204135-dos (173806)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-18T00:00:00", "ID": "CVE-2020-4135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial 
of service from excessive memory usage." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/2876307", "refsource": "CONFIRM", "title": "IBM Security Bulletin 2876307 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/2876307" }, { "name": "ibm-db2-cve20204135-dos (173806)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806" }, { "name": "https://security.netapp.com/advisory/ntap-20210108-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210108-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4135", "datePublished": "2020-02-19T15:15:45.454213Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T18:28:29.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30431 (GCVE-0-2023-30431)
Vulnerability from cvelistv5
Published
2023-07-09 23:58
Modified
2025-02-13 16:49
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010565" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252184" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2_for_linux_unix_and_windows:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "db2_for_linux_unix_and_windows", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-30431", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-14T19:20:20.811022Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T19:22:47.471Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184." 
} ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:49.720Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010565" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252184" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 buffer overflow", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30431", "datePublished": "2023-07-09T23:58:32.882Z", "dateReserved": "2023-04-08T15:56:20.543Z", "dateUpdated": "2025-02-13T16:49:25.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1544 (GCVE-0-2018-1544)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-17 03:18
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:43.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "name": "ibm-db2-cve20181544-bo(142648)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648" }, { "name": "1040967", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040967" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "name": "ibm-db2-cve20181544-bo(142648)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648" }, { "name": "1040967", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040967" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-22T00:00:00", "ID": "CVE-2018-1544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 
instance owner. IBM X-Force ID: 142648." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016143", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "name": "ibm-db2-cve20181544-bo(142648)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648" }, { "name": "1040967", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040967" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1544", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:18:32.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1565 (GCVE-0-2018-1565)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-17 02:31
CWE
- Gain Privileges
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:43.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "name": "ibm-db2-cve20181565-bo(143022)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143022" }, { "name": "1040967", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040967" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "name": "ibm-db2-cve20181565-bo(143022)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143022" }, { "name": "1040967", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040967" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-22T00:00:00", "ID": "CVE-2018-1565", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 
instance owner. IBM X-Force ID: 143022." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016143", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "name": "ibm-db2-cve20181565-bo(143022)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143022" }, { "name": "1040967", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040967" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1565", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T02:31:12.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-50308 (GCVE-0-2023-50308)
Vulnerability from cvelistv5
Published
2024-01-22 18:44
Modified
2025-06-10 16:03
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:46.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105506" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273393" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-50308", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-10T16:03:37.899007Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-10T16:03:52.620Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:27.978Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105506" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273393" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-50308", "datePublished": "2024-01-22T18:44:56.572Z", "dateReserved": "2023-12-07T01:28:46.424Z", "dateUpdated": "2025-06-10T16:03:52.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29702 (GCVE-0-2021-29702)
Vulnerability from cvelistv5
Published
2021-06-16 16:15
Modified
2024-09-16 23:51
CWE
- Denial of Service
Summary
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux- UNIX and Windows |
Version: 11.1.4 Version: 11.5.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:01.448Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6463985" }, { "name": "ibm-db2-cve202129702-dos (200658)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200658" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1.4" }, { "status": "affected", "version": "11.5.5" } ] } ], "datePublic": "2021-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/C:N/PR:N/UI:N/S:U/A:H/AC:L/I:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T10:06:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6463985" }, { "name": "ibm-db2-cve202129702-dos (200658)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200658" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-15T00:00:00", "ID": "CVE-2021-29702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1.4" }, { "version_value": "11.5.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6463985", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6463985 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6463985" }, { "name": "ibm-db2-cve202129702-dos (200658)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200658" }, { "name": "https://security.netapp.com/advisory/ntap-20210720-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210720-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29702", "datePublished": "2021-06-16T16:15:24.434627Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T23:51:49.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4326 (GCVE-0-2009-4326)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-16 19:19
CWE
- n/a
Summary
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC63946", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ44872", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces \"repeating\" return values, which might allow attackers to defeat protection mechanisms based on randomization by 
predicting a value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IC63946", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ44872", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, 
when the Database Partitioning Feature (DPF) is used, produces \"repeating\" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC63946", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ44872", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4326", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-16T19:19:15.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22390 (GCVE-0-2022-22390)
Vulnerability from cvelistv5
Published
2022-06-24 16:45
Modified
2024-09-16 16:43
CWE
- Obtain Information
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6597993" }, { "name": "ibm-db2-cve202222390-info-disc (221973)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2022-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/PR:N/UI:N/A:N/C:H/I:N/S:U/AV:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-29T19:07:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6597993" }, { "name": "ibm-db2-cve202222390-info-disc (221973)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-06-23T00:00:00", "ID": "CVE-2022-22390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function 
is used. IBM X-Force ID: 221973." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6597993", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6597993 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6597993" }, { "name": "ibm-db2-cve202222390-info-disc (221973)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22390", "datePublished": "2022-06-24T16:45:19.526105Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T16:43:54.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28762 (GCVE-0-2024-28762)
Vulnerability from cvelistv5
Published
2024-06-12 17:54
Modified
2024-08-02 00:56
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28762", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T19:14:32.856275Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T19:15:49.462Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7156847" }, { "tags": [ "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285246" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a 
specially crafted query under certain conditions. IBM X-Force ID: 285246." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T17:54:33.200Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7156847" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285246" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-28762", "datePublished": "2024-06-12T17:54:33.200Z", "dateReserved": "2024-03-10T12:22:43.137Z", "dateUpdated": "2024-08-02T00:56:58.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43929 (GCVE-0-2022-43929)
Vulnerability from cvelistv5
Published
2023-02-17 16:57
Modified
2025-03-17 18:23
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.1 and 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6953763" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241676" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43929", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-12T17:46:09.817591Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-17T18:23:51.701Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1 and 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted \u0027Load\u0027 command. IBM X-Force ID: 241676.\u003c/span\u003e\n\n" } ], "value": "\nIBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted \u0027Load\u0027 command. 
IBM X-Force ID: 241676.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-17T16:57:22.781Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6953763" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241676" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43929", "datePublished": "2023-02-17T16:57:22.781Z", "dateReserved": "2022-10-26T15:46:22.849Z", "dateUpdated": "2025-03-17T18:23:51.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3736 (GCVE-0-2010-3736)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
CWE
- n/a
Summary
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:13859", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859" }, { "name": "IC68182", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:13859", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859" }, { "name": "IC68182", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:13859", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859" }, { "name": "IC68182", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3736", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:52.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1448 (GCVE-0-2018-1448)
Vulnerability from cvelistv5
Published
2018-03-22 12:00
Modified
2024-09-17 03:32
CWE
- File Manipulation
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014388" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140043" }, { "name": "103535", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103535" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:H/PR:N/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-30T09:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014388" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140043" }, { "name": "103535", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103535" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-14T00:00:00", "ID": "CVE-2018-1448", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "H", "PR": "N", "S": "U", "UI": "N" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22014388", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22014388" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140043", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140043" }, { "name": "103535", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103535" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1448", "datePublished": "2018-03-22T12:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:32:39.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8901 (GCVE-0-2014-8901)
Vulnerability from cvelistv5
Published
2014-12-18 16:00
Modified
2024-08-06 13:33
CWE
- n/a
Summary
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:12.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692358" }, { "name": "IT05933", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05933" }, { "name": "IT05938", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05938" }, { "name": "IT05936", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05936" }, { "name": "71734", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71734" }, { "name": "IT05937", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05937" }, { "name": "IT05939", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05939" }, { "name": "ibm-xml-cve20148901-dos(99110)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99110" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-28T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692358" }, { "name": "IT05933", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05933" }, { "name": "IT05938", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05938" }, { "name": "IT05936", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05936" }, { "name": "71734", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71734" }, { "name": "IT05937", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05937" }, { "name": "IT05939", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05939" }, { "name": "ibm-xml-cve20148901-dos(99110)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99110" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8901", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a 
crafted XML query." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692358", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692358" }, { "name": "IT05933", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05933" }, { "name": "IT05938", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05938" }, { "name": "IT05936", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05936" }, { "name": "71734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71734" }, { "name": "IT05937", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05937" }, { "name": "IT05939", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05939" }, { "name": "ibm-xml-cve20148901-dos(99110)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99110" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8901", "datePublished": "2014-12-18T16:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4032 (GCVE-0-2013-4032)
Vulnerability from cvelistv5
Published
2013-10-02 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-fcm-cve20134032-dos(86092)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86092" }, { "name": "IC94434", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94434" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650231" }, { "name": "IC94939", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94939" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "db2-fcm-cve20134032-dos(86092)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86092" }, { "name": "IC94434", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94434" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650231" }, { "name": "IC94939", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94939" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-fcm-cve20134032-dos(86092)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86092" }, { "name": "IC94434", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94434" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21650231", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650231" }, { "name": "IC94939", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94939" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4032", "datePublished": "2013-10-02T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6717 (GCVE-0-2013-6717)
Vulnerability from cvelistv5
Published
2013-12-19 22:00
Modified
2024-08-06 17:46
CWE
- n/a
Summary
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:22.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC97738", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738" }, { "name": "IC97762", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21659490" }, { "name": "64336", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64336" }, { "name": "56451", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56451" }, { "name": "IC95641", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641" }, { "name": "ibm-db2-cve20136717-dos(89116)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89116" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660041" }, { "name": "IC97737", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause 
a denial of service (database outage and deactivation) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-25T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IC97738", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738" }, { "name": "IC97762", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21659490" }, { "name": "64336", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64336" }, { "name": "56451", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56451" }, { "name": "IC95641", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641" }, { "name": "ibm-db2-cve20136717-dos(89116)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89116" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660041" }, { "name": "IC97737", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The OLAP query engine in 
IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC97738", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738" }, { "name": "IC97762", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21659490", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21659490" }, { "name": "64336", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64336" }, { "name": "56451", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56451" }, { "name": "IC95641", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641" }, { "name": "ibm-db2-cve20136717-dos(89116)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89116" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660041", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660041" }, { "name": "IC97737", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6717", "datePublished": "2013-12-19T22:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:22.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41296 (GCVE-0-2022-41296)
Vulnerability from cvelistv5
Published
2022-12-01 17:24
Modified
2024-08-03 12:42
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:45.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230120-0003/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6843071" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41296", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T18:50:52.073301Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T18:50:58.935Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2U", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.5, 4.0, 4.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\u003c/span\u003e\n\n" } ], "value": "\nIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 
IBM X-Force ID: 237210.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T01:49:10.008967Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6843071" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2U cross-site respect forgery", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-41296", "datePublished": "2022-12-01T17:24:48.698Z", "dateReserved": "2022-09-21T17:43:55.394Z", "dateUpdated": "2024-08-03T12:42:45.776Z", "requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-26021 (GCVE-0-2023-26021)
Vulnerability from cvelistv5
Published
2023-04-28 18:23
Modified
2025-02-13 16:44
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | Version: 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985681" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247864" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26021", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T20:04:01.574745Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T20:04:09.674Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T14:06:19.508Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985681" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247864" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-26021", "datePublished": "2023-04-28T18:23:40.507Z", "dateReserved": "2023-02-17T18:40:48.572Z", "dateUpdated": "2025-02-13T16:44:41.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-46167 (GCVE-0-2023-46167)
Vulnerability from cvelistv5
Published
2023-12-04 00:04
Modified
2025-02-13 17:14
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | Version: 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:37:39.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7087203" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240112-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T14:06:24.402Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7087203" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367" }, { "url": "https://security.netapp.com/advisory/ntap-20240112-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-46167", "datePublished": "2023-12-04T00:04:15.436Z", "dateReserved": "2023-10-17T22:30:15.074Z", "dateUpdated": "2025-02-13T17:14:18.298Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0710 (GCVE-0-2012-0710)
Vulnerability from cvelistv5
Published
2012-03-20 20:00
Modified
2024-08-06 18:30
CWE
- n/a
Summary
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:30:53.792Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "db2-drda-dos(73494)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73494" }, { "name": "IC76901", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901" }, { "name": "78282", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/78282" }, { "name": "IC76781", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781" }, { "name": "IC76899", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588090" }, { "name": "IC76902", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902" }, { "name": "oval:org.mitre.oval:def:15078", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15078" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "db2-drda-dos(73494)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73494" }, { "name": "IC76901", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901" }, { "name": "78282", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/78282" }, { "name": "IC76781", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781" }, { "name": "IC76899", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588090" }, { "name": "IC76902", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902" }, { "name": "oval:org.mitre.oval:def:15078", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15078" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon 
crash) via a crafted Distributed Relational Database Architecture (DRDA) request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "db2-drda-dos(73494)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73494" }, { "name": "IC76901", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901" }, { "name": "78282", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78282" }, { "name": "IC76781", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781" }, { "name": "IC76899", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21588090", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588090" }, { "name": "IC76902", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902" }, { "name": "oval:org.mitre.oval:def:15078", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15078" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0710", "datePublished": "2012-03-20T20:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:30:53.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-2154 (GCVE-0-2008-2154)
Vulnerability from cvelistv5
Published
2009-06-03 20:35
Modified
2024-08-07 08:49
CWE
- n/a
Summary
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:49:58.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ22143", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143" }, { "name": "db2-installjar-priv-escalation(51105)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "35409", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35409" }, { "name": "48147", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/48147" }, { "name": "IZ22142", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142" }, { "name": "IZ21983", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31787" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ22143", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143" }, { "name": "db2-installjar-priv-escalation(51105)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "35409", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35409" }, { "name": "48147", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/48147" }, { "name": "IZ22142", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142" }, { "name": "IZ21983", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31787" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) 
procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ22143", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143" }, { "name": "db2-installjar-priv-escalation(51105)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51105" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "name": "35409", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35409" }, { "name": "48147", "refsource": "OSVDB", "url": "http://osvdb.org/48147" }, { "name": "IZ22142", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142" }, { "name": "IZ21983", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983" }, { "name": "31787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31787" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2154", "datePublished": "2009-06-03T20:35:00", "dateReserved": "2008-05-12T00:00:00", "dateUpdated": "2024-08-07T08:49:58.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8910 (GCVE-0-2014-8910)
Vulnerability from cvelistv5
Published
2015-07-20 01:00
Modified
2024-08-06 13:33
CWE
- n/a
Summary
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:12.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IT06355", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697988" }, { "name": "IT06353", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353" }, { "name": "75949", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75949" }, { "name": "1032883", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032883" }, { "name": "IT06354", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354" }, { "name": "IT06356", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-21T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IT06355", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697988" }, { "name": "IT06353", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353" }, { "name": "75949", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75949" }, { "name": "1032883", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032883" }, { "name": "IT06354", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354" }, { "name": "IT06356", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IT06355", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697988", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697988" }, { "name": "IT06353", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353" }, { "name": "75949", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75949" }, { "name": "1032883", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032883" }, { "name": "IT06354", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354" }, { "name": "IT06356", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8910", "datePublished": "2015-07-20T01:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27254 (GCVE-0-2024-27254)
Vulnerability from cvelistv5
Published
2024-04-03 12:24
Modified
2025-02-13 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | Version: 10.5, 11.1, 11.5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27254", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T13:38:02.047186Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:46:27.051Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:28:00.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7145727" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283813" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813."
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:08:00.900Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7145727" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283813" }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0004/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-27254", "datePublished": "2024-04-03T12:24:05.327Z", "dateReserved": "2024-02-22T01:26:15.968Z", "dateUpdated": "2025-02-13T17:46:21.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3095 (GCVE-0-2014-3095)
Vulnerability from cvelistv5
Published
2014-09-04 10:00
Modified
2024-08-06 10:35
CWE
- n/a
Summary
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:56.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623" }, { "name": "IT02644", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297" }, { "name": "69546", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69546" }, { "name": "IT02645", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645" }, { "name": "ibm-db2-cve20143095-dos(94263)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94263" }, { "name": "58725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58725" }, { "name": "IT02643", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643" }, { "name": "IT02433", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433" }, { "name": "IT02646", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646" }, { "name": "60845", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60845" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], 
"datePublic": "2014-08-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623" }, { "name": "IT02644", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297" }, { "name": "69546", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69546" }, { "name": "IT02645", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645" }, { "name": "ibm-db2-cve20143095-dos(94263)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94263" }, { "name": "58725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58725" }, { "name": "IT02643", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643" }, { "name": "IT02433", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433" }, { "name": "IT02646", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646" }, { "name": "60845", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60845" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3095", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623" }, { "name": "IT02644", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297" }, { "name": "69546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69546" }, { "name": "IT02645", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645" }, { "name": "ibm-db2-cve20143095-dos(94263)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94263" }, { "name": "58725", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58725" }, { "name": "IT02643", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643" }, { "name": "IT02433", 
"refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433" }, { "name": "IT02646", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646" }, { "name": "60845", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60845" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3095", "datePublished": "2014-09-04T10:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:35:56.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4330 (GCVE-0-2009-4330)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-16 19:15
CWE
- n/a
Summary
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC62501", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62501" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IC62501", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62501" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4330", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC62501", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62501" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4330", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-16T19:15:02.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4439 (GCVE-0-2009-4439)
Vulnerability from cvelistv5
Published
2009-12-28 19:00
Modified
2024-09-16 18:59
CWE
- n/a
Summary
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "JR31948", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31948" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-28T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "JR31948", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31948" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "JR31948", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31948" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4439", "datePublished": "2009-12-28T19:00:00Z", "dateReserved": "2009-12-28T00:00:00Z", "dateUpdated": "2024-09-16T18:59:22.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-35012 (GCVE-0-2023-35012)
Vulnerability from cvelistv5
Published
2023-07-17 00:01
Modified
2024-11-05 15:08
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:17:04.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010747" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257763" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230818-0013/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2_for_linux_unix_and_windows:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "db2_for_linux_unix_and_windows", "vendor": "ibm", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35012", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-05T15:07:17.575574Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-05T15:08:39.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763." 
} ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-19T16:26:10.041Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010747" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257763" }, { "url": "https://security.netapp.com/advisory/ntap-20230818-0013/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 code execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-35012", "datePublished": "2023-07-17T00:01:20.010Z", "dateReserved": "2023-06-11T20:38:02.325Z", "dateUpdated": "2024-11-05T15:08:39.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22389 (GCVE-0-2022-22389)
Vulnerability from cvelistv5
Published
2022-06-24 16:45
Modified
2024-09-16 17:18
CWE
- Denial of Service
Summary
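IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. [Note: the X-Force reference attached to this record is entry 221970, so the ID quoted in this description appears to carry an extra digit; use the reference URL when cross-checking.]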
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | Version: 10.5; Version: 10.1; Version: 9.7; Version: 11.1; Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6598047" }, { "name": "ibm-db2-cve202222389-dos (221970)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2022-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/PR:L/AC:L/A:H/C:N/AV:N/S:U/I:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-29T19:07:28", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6598047" }, { "name": "ibm-db2-cve202222389-dos (221970)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-06-23T00:00:00", "ID": "CVE-2022-22389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL 
statements by an authenticated user. IBM X-Force ID: 2219740." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6598047", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6598047 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6598047" }, { "name": "ibm-db2-cve202222389-dos (221970)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22389", "datePublished": "2022-06-24T16:45:17.882277Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T17:18:40.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1935 (GCVE-0-2015-1935)
Vulnerability from cvelistv5
Published
2015-07-20 01:00
Modified
2024-08-06 05:02
CWE
- n/a
Summary
The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:02:42.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "75908", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75908" }, { "name": "IT08543", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661" }, { "name": "1033063", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033063" }, { "name": "IT08656", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656" }, { "name": "IT08668", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668" }, { "name": "IT08667", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "75908", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75908" }, { "name": "IT08543", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661" }, { "name": "1033063", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033063" }, { "name": "IT08656", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656" }, { "name": "IT08668", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668" }, { "name": "IT08667", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1935", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "75908", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75908" }, { "name": "IT08543", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661" }, { "name": "1033063", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033063" }, { "name": "IT08656", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656" }, { "name": "IT08668", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668" }, { "name": "IT08667", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1935", "datePublished": "2015-07-20T01:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:42.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3958 (GCVE-0-2008-3958)
Vulnerability from cvelistv5
Published
2008-09-09 14:00
Modified
2024-08-07 10:00
CWE
- n/a
Summary
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:00:41.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "31058", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31058" }, { "name": "IZ08134", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31787" }, { "name": "48144", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/48144" }, { "name": "ibm-db2-connect-attach-dos1(45133)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45133" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "31058", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31058" }, { "name": "IZ08134", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31787" }, { "name": "48144", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/48144" }, { "name": "ibm-db2-connect-attach-dos1(45133)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45133" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "31058", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31058" }, { "name": "IZ08134", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134" }, { "name": "31787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31787" }, { "name": "48144", "refsource": "OSVDB", "url": "http://osvdb.org/48144" }, { "name": "ibm-db2-connect-attach-dos1(45133)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45133" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3958", "datePublished": "2008-09-09T14:00:00", "dateReserved": "2008-09-09T00:00:00", "dateUpdated": "2024-08-07T10:00:41.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4870 (GCVE-0-2005-4870)
Vulnerability from cvelistv5
Published
2007-10-06 21:00
Modified
2024-08-08 00:01
CWE
- n/a
Summary
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nextgenss.com/advisories/db205012005H.txt" }, { "name": "db2-xml-udf-bo(17617)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17617" }, { "name": "IY62297", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62297" }, { "name": "11404", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11404" }, { "name": "12733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12733/" }, { "name": "20050105 IBM DB2 XML functions overflows (#NISR05012005H)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110495554227717\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.nextgenss.com/advisories/db205012005H.txt" }, { "name": "db2-xml-udf-bo(17617)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17617" }, { "name": "IY62297", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62297" }, { "name": "11404", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11404" }, { "name": "12733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12733/" }, { "name": "20050105 IBM DB2 XML functions overflows (#NISR05012005H)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110495554227717\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.nextgenss.com/advisories/db205012005H.txt", "refsource": "MISC", "url": "http://www.nextgenss.com/advisories/db205012005H.txt" }, { "name": "db2-xml-udf-bo(17617)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17617" }, { "name": "IY62297", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62297" }, { "name": "11404", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11404" }, { "name": "12733", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12733/" }, { "name": "20050105 IBM DB2 XML functions overflows (#NISR05012005H)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110495554227717\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4870", "datePublished": "2007-10-06T21:00:00", "dateReserved": "2007-10-06T00:00:00", "dateUpdated": "2024-08-08T00:01:23.307Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38719 (GCVE-0-2023-38719)
Vulnerability from cvelistv5
Published
2023-10-16 23:05
Modified
2025-02-13 17:02
CWE
- CWE-20 - Improper Input Validation
Summary
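IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607. Note: the CVSS 3.1 vector in the record below gives PR:N (no privileges required), which does not match "special privileges" in this description; confirm the actual privilege requirement against the vendor advisory before relying on the score for prioritisation.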
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047558" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607." } ], "value": "IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:07:44.663Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047558" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0008/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-38719", "datePublished": "2023-10-16T23:05:41.644Z", "dateReserved": "2023-07-25T00:00:53.164Z", "dateUpdated": "2025-02-13T17:02:33.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47152 (GCVE-0-2023-47152)
Vulnerability from cvelistv5
Published
2024-01-22 20:03
Modified
2025-05-30 14:22
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
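IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. Note: the record below assigns only CWE-209, which covers the stack-trace disclosure; the insecure cryptographic algorithm has no CWE mapped in this record, so filtering by CWE alone will not surface that part of the issue.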
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.735Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105605" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270730" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47152", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T15:53:13.413231Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-30T14:22:05.789Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T14:06:48.149Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105605" }, { "tags": [ "vdb-entry" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-47152", "datePublished": "2024-01-22T20:03:52.428Z", "dateReserved": "2023-10-31T00:13:36.931Z", "dateUpdated": "2025-05-30T14:22:05.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0472 (GCVE-0-2010-0472)
Vulnerability from cvelistv5
Published
2010-02-02 18:00
Modified
2024-08-07 00:52
CWE
- n/a
Summary
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:52:19.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14289", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14289" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html" }, { "name": "IC68762", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68762" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "38018", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14289", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14289" }, { "tags": [ "x_refsource_MISC" ], "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html" }, { "name": "IC68762", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68762" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "38018", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14289", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14289" }, { "name": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html", "refsource": "MISC", "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html" }, { "name": "IC68762", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68762" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "38018", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38018" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0472", "datePublished": "2010-02-02T18:00:00", "dateReserved": "2010-02-02T00:00:00", "dateUpdated": "2024-08-07T00:52:19.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4334 (GCVE-0-2009-4334)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-16 21:57
CWE
- n/a
Summary
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IC64019", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ50355", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ48106", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { 
"lang": "en", "value": "The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IC64019", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ50355", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ48106", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4334", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IC64019", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IZ50355", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ48106", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4334", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-16T21:57:58.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0907 (GCVE-0-2014-0907)
Vulnerability from cvelistv5
Published
2014-05-30 23:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.138Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140603 CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Jun/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21676135" }, { "name": "IT00686", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21672100" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "name": "59463", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59463" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "name": "1030670", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030670" }, { "name": "67617", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67617" }, { "name": "IT00685", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680454" }, { "name": "1030671", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030671" }, { "name": "ibm-cve20140907-priv-escalation(91869)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91869" }, { "name": "60482", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60482" }, { "name": "59451", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59451" }, { "name": "IT00687", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html" }, { "name": "IT00684", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684" }, { "name": "IT00627", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "20140603 CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Jun/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21676135" }, { "name": "IT00686", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21672100" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "name": "59463", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59463" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "name": "1030670", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030670" }, { "name": "67617", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67617" }, { "name": "IT00685", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21680454" }, { "name": "1030671", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030671" }, { "name": "ibm-cve20140907-priv-escalation(91869)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91869" }, { "name": "60482", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60482" }, { "name": "59451", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59451" }, { "name": "IT00687", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html" }, { "name": "IT00684", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684" }, { "name": "IT00627", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0907", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140603 CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Jun/7" }, { "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21676135", "refsource": "CONFIRM", "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21676135" }, { "name": "IT00686", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg1IT00686", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21672100", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21672100" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "name": "59463", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59463" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "name": "1030670", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030670" }, { "name": "67617", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67617" }, { "name": "IT00685", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685" }, { "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/", "refsource": "MISC", "url": 
"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680454", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680454" }, { "name": "1030671", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030671" }, { "name": "ibm-cve20140907-priv-escalation(91869)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91869" }, { "name": "60482", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60482" }, { "name": "59451", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59451" }, { "name": "IT00687", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687" }, { "name": "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html" }, { "name": "IT00684", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684" }, { "name": "IT00627", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0907", "datePublished": "2014-05-30T23:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4327 (GCVE-0-2009-4327)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-16 17:19
CWE
- n/a
Summary
The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.782Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC63179", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179" }, { "name": "IZ43772", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC63179", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179" }, { "name": "IZ43772", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool 
during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC63179", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179" }, { "name": "IZ43772", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4327", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-16T17:19:02.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1677 (GCVE-0-2017-1677)
Vulnerability from cvelistv5
Published
2018-03-22 12:00
Modified
2024-09-17 01:00
CWE
- Gain Privileges
Summary
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:31.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012896" }, { "name": "1041227", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041227" }, { "name": "103422", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103422" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133999" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:H/AV:L/C:H/I:H/PR:N/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012896" }, { "name": "1041227", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041227" }, { "name": "103422", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103422" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-14T00:00:00", "ID": "CVE-2017-1677", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012896", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012896" }, { "name": "1041227", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041227" }, { "name": "103422", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103422" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133999", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133999" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1677", "datePublished": "2018-03-22T12:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T01:00:38.016Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38740 (GCVE-0-2023-38740)
Vulnerability from cvelistv5
Published
2023-10-16 21:24
Modified
2025-02-13 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:54:38.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38740", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-21T18:43:32.530588Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-21T18:45:45.268Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613." } ], "value": "IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:06:59.358Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-38740", "datePublished": "2023-10-16T21:24:15.155Z", "dateReserved": "2023-07-25T00:01:17.450Z", "dateUpdated": "2025-02-13T17:02:35.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1452 (GCVE-0-2018-1452)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-17 01:41
CWE
- File Manipulation
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.063Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181452-file-overwrite(140047)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047." 
} ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-14T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181452-file-overwrite(140047)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140047" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-22T00:00:00", "ID": "CVE-2018-1452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016181", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181452-file-overwrite(140047)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140047" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1452", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T01:41:55.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38729 (GCVE-0-2023-38729)
Vulnerability from cvelistv5
Published
2024-04-03 12:27
Modified
2025-01-09 14:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1 ,11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "db2", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] }, { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*" ], "defaultStatus": "unaffected", "product": "db2", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] }, { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*" ], "defaultStatus": "unaffected", "product": "db2", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] }, { "cpes": [ "cpe:2.3:a:ibm:db2_connect_server:10.5:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "db2_connect_server", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" } ] }, { "cpes": [ "cpe:2.3:a:ibm:db2_connect_server:11.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "db2_connect_server", "vendor": "ibm", "versions": [ { "status": "affected", "version": "11.1" } ] }, { "cpes": [ "cpe:2.3:a:ibm:db2_connect_server:11.5:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "db2_connect_server", "vendor": "ibm", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-38729", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": 
"2024-07-12T20:56:49.238610Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T21:01:13.640Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7145721" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/262259" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or 
EXPORT.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-09T14:32:36.314Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/7145721" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-38729", "datePublished": "2024-04-03T12:27:36.197Z", "dateReserved": "2023-07-25T00:01:06.101Z", "dateUpdated": "2025-01-09T14:32:36.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38720 (GCVE-0-2023-38720)
Vulnerability from cvelistv5
Published
2023-10-16 20:52
Modified
2025-06-12 15:13
CWE
- CWE-20 - Improper Input Validation
Summary
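IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. [Note: "11.5 and 11.5" is the wording of the published description; the record's affected-version field lists 11.1 and 11.5.]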
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.1 ,11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0005/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38720", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-12T15:12:34.610980Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-12T15:13:28.242Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:06:34.864Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0005/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-38720", "datePublished": "2023-10-16T20:52:54.759Z", "dateReserved": "2023-07-25T00:00:53.164Z", "dateUpdated": "2025-06-12T15:13:28.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35152 (GCVE-0-2024-35152)
Vulnerability from cvelistv5
Published
2024-08-14 17:40
Modified
2024-08-14 17:58
CWE
- CWE-789 - Uncontrolled Memory Allocation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
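Version: 11.5 cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* [Note: the CPE entries in this record name 11.1, while its version field and summary name 11.5; CPE-based matching alone may not reflect the affected release.] |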
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35152", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T17:57:51.567577Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T17:58:00.335Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T17:40:25.318Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7165342" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292639" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-35152", "datePublished": "2024-08-14T17:40:25.318Z", "dateReserved": "2024-05-09T16:27:47.446Z", "dateUpdated": "2024-08-14T17:58:00.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3735 (GCVE-0-2010-3735)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
CWE
- n/a
Summary
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IZ58417", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417" }, { "name": "oval:org.mitre.oval:def:14736", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"Query Compiler, Rewrite, Optimizer\" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IZ58417", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417" }, { "name": "oval:org.mitre.oval:def:14736", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"Query Compiler, Rewrite, Optimizer\" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IZ58417", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417" }, { "name": "oval:org.mitre.oval:def:14736", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3735", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:52.961Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29825 (GCVE-0-2021-29825)
Vulnerability from cvelistv5
Published
2021-09-16 15:50
Modified
2024-09-16 19:14
CWE
- Obtain Information
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6489499" }, { "name": "ibm-db2-cve202129825-info-disc (204470)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/C:H/AV:N/PR:N/S:U/A:N/UI:N/I:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-29T12:06:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6489499" }, { "name": "ibm-db2-cve202129825-info-disc (204470)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-09-15T00:00:00", "ID": "CVE-2021-29825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6489499", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6489499 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6489499" }, { "name": "ibm-db2-cve202129825-info-disc (204470)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470" }, { "name": "https://security.netapp.com/advisory/ntap-20211029-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29825", "datePublished": "2021-09-16T15:50:20.270592Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T19:14:36.113Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38003 (GCVE-0-2023-38003)
Vulnerability from cvelistv5
Published
2023-12-04 00:12
Modified
2025-05-29 14:14
CWE
- CWE-264 - Permissions, Privileges, Access Controls
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1 ,11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7078681" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260214" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38003", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-29T14:14:05.804275Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-29T14:14:19.248Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "264 Permissions, Privileges, Access Controls", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T16:06:52.870Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7078681" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260214" }, { "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 command execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-38003", "datePublished": "2023-12-04T00:12:37.484Z", "dateReserved": "2023-07-11T17:33:11.275Z", "dateUpdated": "2025-05-29T14:14:19.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47746 (GCVE-0-2023-47746)
Vulnerability from cvelistv5
Published
2024-01-22 18:42
Modified
2025-02-13 17:18
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:16:43.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105505" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272644" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0003/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2_for_linux_unix_and_windows:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "db2_for_linux_unix_and_windows", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47746", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-23T16:32:05.661659Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-21T10:51:11.047Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service 
using a specially crafted query. IBM X-Force ID: 272644." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:36.735Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105505" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272644" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-47746", "datePublished": "2024-01-22T18:42:37.101Z", "dateReserved": "2023-11-09T11:31:41.193Z", "dateUpdated": "2025-02-13T17:18:07.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-25046 (GCVE-0-2024-25046)
Vulnerability from cvelistv5
Published
2024-04-03 12:17
Modified
2025-02-13 17:40
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.1, 11.5 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25046", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-12T21:13:49.225147Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T21:13:55.294Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:36:21.393Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7145726" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/282953" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T18:06:43.152Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7145726" }, { "tags": [ "vdb-entry" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/282953" }, { "url": "https://security.netapp.com/advisory/ntap-20240517-0005/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-25046", "datePublished": "2024-04-03T12:17:45.191Z", "dateReserved": "2024-02-03T14:49:33.094Z", "dateUpdated": "2025-02-13T17:40:45.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35136 (GCVE-0-2024-35136)
Vulnerability from cvelistv5
Published
2024-08-14 17:36
Modified
2024-09-21 09:58
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35136", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T15:11:20.918274Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T15:11:35.304Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-943", "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-21T09:58:51.863Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7165341" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/291307" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-35136", "datePublished": "2024-08-14T17:36:09.003Z", "dateReserved": "2024-05-09T16:27:27.133Z", "dateUpdated": "2024-09-21T09:58:51.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0698 (GCVE-0-2008-0698)
Vulnerability from cvelistv5
Published
2008-02-12 00:00
Modified
2024-08-07 07:54
CWE
- n/a
Summary
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:22.726Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "27681", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27681" }, { "name": "28771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "name": "IZ05496", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving \"invalid memory access.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "27681", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27681" }, { "name": "28771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "tags": [ 
"vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "name": "IZ05496", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving \"invalid memory access.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "27681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27681" }, { "name": "28771", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "name": "IZ05496", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0698", "datePublished": "2008-02-12T00:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:22.726Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27868 (GCVE-0-2023-27868)
Vulnerability from cvelistv5
Published
2023-07-08 18:46
Modified
2025-02-13 16:45
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1 ,11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249516" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27868", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T19:08:42.347709Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T19:09:11.486Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516." } ], "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. 
By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-03T14:06:13.763Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249516" }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 code execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27868", "datePublished": "2023-07-08T18:46:16.208Z", "dateReserved": "2023-03-06T20:01:41.709Z", "dateUpdated": "2025-02-13T16:45:35.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3475 (GCVE-0-2010-3475)
Vulnerability from cvelistv5
Published
2010-09-20 21:00
Modified
2024-08-07 03:11
CWE
- n/a
Summary
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:11:44.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43291", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43291" }, { "name": "ADV-2010-2425", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "name": "ibm-db2-sql-security-bypass(61873)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61873" }, { "name": "41444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41444" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" }, { "name": "IC70406", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406" }, { "name": "68122", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/68122" }, { "name": "oval:org.mitre.oval:def:14609", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609" }, { "name": "1024458", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024458" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by 
leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "43291", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43291" }, { "name": "ADV-2010-2425", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "name": "ibm-db2-sql-security-bypass(61873)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61873" }, { "name": "41444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41444" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" }, { "name": "IC70406", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406" }, { "name": "68122", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/68122" }, { "name": "oval:org.mitre.oval:def:14609", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609" }, { "name": "1024458", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024458" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "43291", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43291" }, { "name": "ADV-2010-2425", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "name": "ibm-db2-sql-security-bypass(61873)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61873" }, { "name": "41444", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41444" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21446455", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" }, { "name": "IC70406", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406" }, { "name": "68122", "refsource": "OSVDB", "url": "http://osvdb.org/68122" }, { "name": "oval:org.mitre.oval:def:14609", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609" }, { "name": "1024458", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024458" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3475", "datePublished": "2010-09-20T21:00:00", "dateReserved": "2010-09-20T00:00:00", "dateUpdated": "2024-08-07T03:11:44.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-49350 (GCVE-0-2024-49350)
Vulnerability from cvelistv5
Published
2025-05-29 19:18
Modified
2025-05-29 19:29
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.5.0 ≤ 11.5.9 Version: 12.1.0 ≤ 12.1.1 Version: 11.1.0 ≤ 11.1.4.7 cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49350", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-29T19:29:09.140724Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-29T19:29:27.283Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", 
"versions": [ { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.1", "status": "affected", "version": "12.1.0", "versionType": "semver" }, { "lessThanOrEqual": "11.1.4.7", "status": "affected", "version": "11.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-29T19:18:06.431Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7235069" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V11.1, 
V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.1.4 FP7, V11.5.9, and V12.1.1. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability." } ], "value": "Customers running any vulnerable affected level of an affected Program, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V11.1.4 FP7, V11.5.9, and V12.1.1. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability." } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-49350", "datePublished": "2025-05-29T19:18:06.431Z", "dateReserved": "2024-10-14T12:05:24.914Z", "dateUpdated": "2025-05-29T19:29:27.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4161 (GCVE-0-2020-4161)
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 16:57
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux- UNIX and Windows |
Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:06.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/2874621" }, { "name": "ibm-db2-cve20204161-dos (174341)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174341" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux- UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2020-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/PR:L/AC:L/C:N/UI:N/S:U/AV:N/I:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-19T15:15:45", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/2874621" }, { "name": "ibm-db2-cve20204161-dos (174341)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/174341" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-18T00:00:00", "ID": "CVE-2020-4161", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux- UNIX and Windows", "version": { "version_data": [ { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/2874621", "refsource": "CONFIRM", "title": "IBM Security Bulletin 2874621 (DB2 for Linux- UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/2874621" }, { "name": "ibm-db2-cve20204161-dos (174341)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174341" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4161", "datePublished": "2020-02-19T15:15:45.862651Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T16:57:54.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4438 (GCVE-0-2009-4438)
Vulnerability from cvelistv5
Published
2009-12-28 19:00
Modified
2024-09-17 00:31
CWE
- n/a
Summary
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IC64852", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852" }, { "name": "IC62583", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC62543", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified 
vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-28T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IC64852", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852" }, { "name": "IC62583", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC62543", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not 
enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "IC64852", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852" }, { "name": "IC62583", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IC62543", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4438", "datePublished": "2009-12-28T19:00:00Z", "dateReserved": "2009-12-28T00:00:00Z", "dateUpdated": "2024-09-17T00:31:31.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4016 (GCVE-0-2019-4016)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2024-09-17 01:20
CWE
- Gain Privileges
Summary
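IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894. Note that the CVSS 3.0 vector in the record below scores Privileges Required as None (PR:N), which does not match the "authenticated" wording here; confirm the privilege requirement against the vendor advisory before using the 8.4 base score for prioritization.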
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.735Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-db2-cve20194016-bo(155894)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155894" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-15T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-db2-cve20194016-bo(155894)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155894" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107398" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-08T00:00:00", "ID": "CVE-2019-4016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code 
on the system as root. IBM X-ForceID: 155894." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-db2-cve20194016-bo(155894)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155894" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10740413", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "name": "107398", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107398" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4016", "datePublished": "2019-03-11T22:00:00Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:20:43.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-52903 (GCVE-0-2024-52903)
Vulnerability from cvelistv5
Published
2025-05-01 22:15
Modified
2025-05-02 14:35
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 12.1.0, 12.1.1 cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:z:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:z:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52903", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-02T14:35:40.817374Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-02T14:35:49.449Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:z:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:z:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "12.1.0, 12.1.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." } ], "value": "IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-01T22:15:48.366Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7232336" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability." 
} ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-52903", "datePublished": "2025-05-01T22:15:48.366Z", "dateReserved": "2024-11-17T14:25:57.179Z", "dateUpdated": "2025-05-02T14:35:49.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2860 (GCVE-0-2009-2860)
Vulnerability from cvelistv5
Published
2009-08-19 17:00
Modified
2024-09-16 20:31
CWE
- n/a
Summary
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:07:36.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ52433", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36313" }, { "name": "ADV-2009-2293", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via \"malicious packets.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-19T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ52433", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36313" }, { "name": "ADV-2009-2293", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2293" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via \"malicious packets.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ52433", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "name": "36313", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36313" }, { "name": "ADV-2009-2293", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2293" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2860", "datePublished": "2009-08-19T17:00:00Z", "dateReserved": "2009-08-19T00:00:00Z", "dateUpdated": "2024-09-16T20:31:16.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
CVE-2009-4325 (GCVE-0-2009-4325)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-17 02:53
CWE
- n/a
Summary
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "LI72709", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "LI74500", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IC64702", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "LI74504", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": 
"37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite \"external memory\" via unknown vectors, related to a missing \"check for null pointers.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "LI72709", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "LI74500", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IC64702", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702" }, { "name": 
"ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "LI74504", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4325", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite \"external memory\" via unknown vectors, related to a missing \"check for null pointers.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "LI72709", "refsource": "AIXAPAR", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "LI74500", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "IC64702", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "LI74504", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4325", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-17T02:53:04.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30443 (GCVE-0-2023-30443)
Vulnerability from cvelistv5
Published
2024-12-19 01:04
Modified
2024-12-19 16:38
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1 ,11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-30443", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-19T16:26:13.537570Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-19T16:38:43.360Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. 
\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T01:04:07.275Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30443", "datePublished": "2024-12-19T01:04:07.275Z", "dateReserved": "2023-04-08T15:56:40.869Z", "dateUpdated": "2024-12-19T16:38:43.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4154 (GCVE-0-2019-4154)
Vulnerability from cvelistv5
Published
2019-07-01 15:05
Modified
2024-09-17 02:42
CWE
- Gain Privileges
Summary
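IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519. Note that the CVSS 3.0 vector in the record below scores Privileges Required as None (PR:N), which does not match the "authenticated" wording here; confirm the privilege requirement against the vendor advisory before using the 8.4 base score for prioritization.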
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:36.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880737" }, { "name": "ibm-db2-cve20194154-bo (158519)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519" }, { "name": "109024", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109024" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/A:H/AV:L/AC:L/PR:N/C:H/UI:N/I:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-04T13:06:03", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880737" }, { "name": "ibm-db2-cve20194154-bo (158519)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519" }, { "name": "109024", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109024" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-27T00:00:00", "ID": "CVE-2019-4154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary 
code on the system as root. IBM X-Force ID: 158519." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880737", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880737 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880737" }, { "name": "ibm-db2-cve20194154-bo (158519)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519" }, { "name": "109024", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109024" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4154", "datePublished": "2019-07-01T15:05:37.747878Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:42:10.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30991 (GCVE-0-2023-30991)
Vulnerability from cvelistv5
Published
2023-10-16 22:53
Modified
2025-02-13 16:49
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | Version: 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:24.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047499" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:06:18.211Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047499" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0005/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30991", "datePublished": "2023-10-16T22:53:03.651Z", "dateReserved": "2023-04-21T17:49:51.826Z", "dateUpdated": "2025-02-13T16:49:40.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0697 (GCVE-0-2008-0697)
Vulnerability from cvelistv5
Published
2008-02-12 00:00
Modified
2024-08-07 07:54
CWE
- n/a
Summary
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:22.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ03546", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546" }, { "name": "28771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0401" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ03546", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546" }, { "name": "28771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0401" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "name": "IZ03546", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546" }, { "name": "28771", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28771" }, { "name": "ADV-2008-0401", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0401" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0697", "datePublished": "2008-02-12T00:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:22.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29752 (GCVE-0-2021-29752)
Vulnerability from cvelistv5
Published
2021-09-16 15:50
Modified
2024-09-17 03:12
CWE
- Obtain Information
Summary
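IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780. (Note: the affected-version data in this record lists 11.1 and 11.5, not 11.2; check the vendor bulletin for the releases actually affected.)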
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | DB2 for Linux, UNIX and Windows | Version: 11.1; Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6489489" }, { "name": "ibm-db2-cve202129752-info-disc (201780)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201780" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220526-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.9, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/C:H/AV:N/S:U/UI:N/PR:H/A:N/I:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T07:06:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6489489" }, { "name": "ibm-db2-cve202129752-info-disc (201780)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201780" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220526-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-09-15T00:00:00", "ID": "CVE-2021-29752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6489489", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6489489 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6489489" }, { "name": "ibm-db2-cve202129752-info-disc (201780)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201780" }, { "name": "https://security.netapp.com/advisory/ntap-20220526-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220526-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29752", "datePublished": "2021-09-16T15:50:17.099889Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T03:12:34.660Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4871 (GCVE-0-2005-4871)
Vulnerability from cvelistv5
Published
2007-10-06 21:00
Modified
2024-08-08 00:01
CWE
- n/a
Summary
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050105 IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110495620513954\u0026w=2" }, { "name": "db2-xml-file-creation(18761)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18761" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ngssoftware.com/advisories/db205012005I.txt" }, { "name": "12733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12733/" }, { "name": "12170", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12170" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050105 IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110495620513954\u0026w=2" }, { "name": "db2-xml-file-creation(18761)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18761" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ngssoftware.com/advisories/db205012005I.txt" }, { "name": "12733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12733/" }, { "name": "12170", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12170" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4871", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050105 IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110495620513954\u0026w=2" }, { "name": "db2-xml-file-creation(18761)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18761" }, { "name": "http://www.ngssoftware.com/advisories/db205012005I.txt", "refsource": "MISC", "url": "http://www.ngssoftware.com/advisories/db205012005I.txt" }, { "name": "12733", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12733/" }, { "name": "12170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12170" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4871", "datePublished": "2007-10-06T21:00:00", "dateReserved": "2007-10-06T00:00:00", "dateUpdated": "2024-08-08T00:01:23.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-31882 (GCVE-0-2024-31882)
Vulnerability from cvelistv5
Published
2024-08-14 17:46
Modified
2024-09-21 09:57
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.1, 11.5 cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31882", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T17:27:55.142062Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T17:28:04.977Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-943", "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-21T09:57:21.857Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7165338" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287614" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-31882", "datePublished": "2024-08-14T17:46:48.338Z", "dateReserved": "2024-04-07T12:44:46.960Z", "dateUpdated": "2024-09-21T09:57:21.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-37529 (GCVE-0-2024-37529)
Vulnerability from cvelistv5
Published
2024-08-14 17:44
Modified
2024-08-15 13:30
CWE
- CWE-789 - Uncontrolled Memory Allocation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295. (Note: the X-Force reference URL in this record points to entry 292639, not 294295.)
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.1, 11.5 cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37529", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T13:29:48.914288Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T13:30:23.243Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T17:44:03.110Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7165342" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292639" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-37529", "datePublished": "2024-08-14T17:44:03.110Z", "dateReserved": "2024-06-09T13:59:02.606Z", "dateUpdated": "2024-08-15T13:30:23.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-31880 (GCVE-0-2024-31880)
Vulnerability from cvelistv5
Published
2024-10-23 01:09
Modified
2024-10-23 13:49
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31880", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:49:09.299428Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:49:17.413Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-23T01:09:30.580Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7156851" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-31880", "datePublished": "2024-10-23T01:09:30.580Z", "dateReserved": "2024-04-07T12:44:46.960Z", "dateUpdated": "2024-10-23T13:49:17.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27859 (GCVE-0-2023-27859)
Vulnerability from cvelistv5
Published
2024-01-22 20:02
Modified
2025-06-20 18:36
Summary
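IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. (Note: the affected-version data in this record lists 10.5, 11.1 and 11.5, which differs from the versions named here. The CNA's CVSS vector scores only an integrity impact (C:N/I:H/A:N) although the text describes code execution, and the CISA ADP entry rates the technical impact as total, so the 6.5 base score alone may understate the priority.)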
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows | Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105503" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27859", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T13:37:56.316244Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-20T18:36:00.655Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205." } ], "value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. 
A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:18.639Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105503" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 code execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27859", "datePublished": "2024-01-22T20:02:02.789Z", "dateReserved": "2023-03-06T20:01:41.707Z", "dateUpdated": "2025-06-20T18:36:00.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4386 (GCVE-0-2019-4386)
Vulnerability from cvelistv5
Published
2019-07-01 15:05
Modified
2024-09-17 03:43
CWE
- Denial of Service
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:38.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886809" }, { "name": "ibm-db2-cve20194386-dos (162174)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174" }, { "name": "109019", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109019" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/I:N/AV:N/AC:L/C:N/PR:L/A:H/S:U/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-04T10:06:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886809" }, { "name": "ibm-db2-cve20194386-dos (162174)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174" }, { "name": "109019", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109019" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-27T00:00:00", "ID": "CVE-2019-4386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10886809", "refsource": "CONFIRM", "title": "IBM Security Bulletin 886809 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886809" }, { "name": "ibm-db2-cve20194386-dos (162174)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174" }, { "name": "109019", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109019" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4386", "datePublished": "2019-07-01T15:05:38.433202Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:43:26.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4588 (GCVE-0-2019-4588)
Vulnerability from cvelistv5
Published
2021-05-26 16:20
Modified
2024-09-16 17:33
CWE
- Gain Privileges
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.393Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6456029" }, { "name": "ibm-db2-cve20194588-code-exec (167365)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167365" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210629-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/A:H/S:U/AC:H/PR:N/I:H/UI:N/AV:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T09:06:12", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6456029" }, { "name": "ibm-db2-cve20194588-code-exec (167365)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167365" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210629-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-25T00:00:00", "ID": "CVE-2019-4588", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" }, { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking 
attacks." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6456029", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6456029 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6456029" }, { "name": "ibm-db2-cve20194588-code-exec (167365)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167365" }, { "name": "https://security.netapp.com/advisory/ntap-20210629-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210629-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4588", "datePublished": "2021-05-26T16:20:16.443799Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:33:45.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-49828 (GCVE-0-2024-49828)
Vulnerability from cvelistv5
Published
2025-07-29 19:04
Modified
2025-08-17 01:23
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 |
Version: 10.5.0.0 ≤ 10.5.0.11 Version: 11.1.0 ≤ 11.1.4.7 Version: 11.5.0 ≤ 11.5.9 Version: 12.1.0 ≤ 12.1.2 cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:* 
cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49828", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T19:24:56.676172Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T19:25:10.648Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*", 
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux", "Unix", "AIX", "z/OS" ], "product": "Db2", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "10.5.0.11", "status": "affected", "version": "10.5.0.0", "versionType": "semver" }, { "lessThanOrEqual": "11.1.4.7", "status": "affected", "version": "11.1.0", "versionType": "semver" }, { "lessThanOrEqual": "11.5.9", "status": "affected", "version": "11.5.0", "versionType": "semver" }, { "lessThanOrEqual": "12.1.2", "status": "affected", "version": "12.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e" } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2\u00a0is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-17T01:23:37.630Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory", "patch" ], "url": "https://www.ibm.com/support/pages/node/7240945" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV10.5 TBD DT398583 Special Build for V10.5 FP11:\u003cbr\u003eAIX 64-bit\u003cbr\u003eHP-UX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 big endian\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eSolaris 64-bit, x86-64\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.1 TBD DT398583 Special Build for V11.1.4 FP7:\u003cbr\u003eAIX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.5 TBD DT398583 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eV12.1 V12.1.2 DT398583 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." } ], "value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\n \n\nRelease Fixed in mod pack APAR Download URL\nV10.5 TBD DT398583 Special Build for V10.5 FP11:\nAIX 64-bit\nHP-UX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 big endian\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nSolaris 64-bit, x86-64\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.1 TBD DT398583 Special Build for V11.1.4 FP7:\nAIX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.5 TBD DT398583 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \n\nV12.1 V12.1.2 DT398583 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS." 
} ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-49828", "datePublished": "2025-07-29T19:04:20.976Z", "dateReserved": "2024-10-20T13:40:37.122Z", "dateUpdated": "2025-08-17T01:23:37.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1936 (GCVE-0-2018-1936)
Vulnerability from cvelistv5
Published
2019-04-03 13:50
Modified
2024-09-16 23:40
CWE
- Gain Privileges
Summary
IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741481" }, { "name": "ibm-db2-cve20181936-bo (153316)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "10.5" } ] }, { "product": "Db2", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/S:U/A:H/UI:N/I:H/AC:L/C:H/AV:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-03T13:50:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741481" }, { "name": "ibm-db2-cve20181936-bo (153316)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-04-02T00:00:00", "ID": "CVE-2018-1936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2", "version": { "version_data": [ { "version_value": "9.7" }, { "version_value": "10.1" }, { "version_value": "10.5" } ] } }, { "product_name": "Db2", "version": { "version_data": [ { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10741481", "refsource": "CONFIRM", "title": "IBM Security Bulletin 741481 (Db2)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741481" }, { "name": "ibm-db2-cve20181936-bo (153316)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153316" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1936", "datePublished": "2019-04-03T13:50:29.611286Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T23:40:48.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38728 (GCVE-0-2023-38728)
Vulnerability from cvelistv5
Published
2023-10-16 21:27
Modified
2025-02-13 17:02
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.689Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258." } ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:06:52.932Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-38728", "datePublished": "2023-10-16T21:27:06.469Z", "dateReserved": "2023-07-25T00:01:06.101Z", "dateUpdated": "2025-02-13T17:02:35.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1052 (GCVE-0-2003-1052)
Vulnerability from cvelistv5
Published
2004-08-20 04:00
Modified
2024-08-08 02:12
CWE
- n/a
Summary
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-db2-gain-privileges(12826)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826" }, { "name": "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/331904" }, { "name": "8346", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8346" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ibm-db2-gain-privileges(12826)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826" }, { "name": "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/331904" }, { "name": "8346", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8346" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1052", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-db2-gain-privileges(12826)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826" }, { "name": "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/331904" }, { "name": "8346", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8346" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1052", "datePublished": "2004-08-20T04:00:00", "dateReserved": "2004-08-19T00:00:00", "dateUpdated": "2024-08-08T02:12:35.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3731 (GCVE-0-2010-3731)
Vulnerability from cvelistv5
Published
2010-10-05 17:00
Modified
2024-08-07 03:18
CWE
- n/a
Summary
Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:53.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "41686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41686" }, { "name": "46077", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46077" }, { "name": "oval:org.mitre.oval:def:14687", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687" }, { "name": "IC70538", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538" }, { "name": "IC69986", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "ADV-2010-2544", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2544" }, { "name": "IC70539", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-035" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the 
validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "41686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41686" }, { "name": "46077", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46077" }, { "name": "oval:org.mitre.oval:def:14687", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687" }, { "name": "IC70538", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538" }, { "name": "IC69986", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "ADV-2010-2544", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2544" }, { "name": "IC70539", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-035" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3731", "STATE": 
"PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "41686", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41686" }, { "name": "46077", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46077" }, { "name": "oval:org.mitre.oval:def:14687", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687" }, { "name": "IC70538", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538" }, { "name": "IC69986", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "ADV-2010-2544", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2544" }, { "name": "IC70539", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539" }, 
{ "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-035", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-035" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3731", "datePublished": "2010-10-05T17:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:53.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1451 (GCVE-0-2018-1451)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-16 19:10
CWE
- File Manipulation (free-text problem type supplied by the CNA; the record carries no CWE identifier)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181451-file-overwrite(140046)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140046" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046." 
} ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-14T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181451-file-overwrite(140046)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140046" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-22T00:00:00", "ID": "CVE-2018-1451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016181", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181451-file-overwrite(140046)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140046" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1451", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T19:10:42.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4333 (GCVE-0-2009-4333)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-17 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ38819", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ38819", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "IZ38819", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4333", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-17T04:24:00.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3094 (GCVE-0-2014-3094)
Vulnerability from cvelistv5
Published
2014-09-04 10:00
Modified
2024-08-06 10:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:55.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683296" }, { "name": "ibm-db2-cve20143094-bo(94260)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94260" }, { "name": "IT02593", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593" }, { "name": "58616", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58616" }, { "name": "IT02291", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291" }, { "name": "69550", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69550" }, { "name": "IT02594", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594" }, { "name": "IT02592", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681631" }, { "name": "60845", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60845" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through 
FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683296" }, { "name": "ibm-db2-cve20143094-bo(94260)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94260" }, { "name": "IT02593", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593" }, { "name": "58616", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58616" }, { "name": "IT02291", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291" }, { "name": "69550", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69550" }, { "name": "IT02594", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594" }, { "name": "IT02592", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681631" }, { "name": "60845", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60845" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3094", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] 
} } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683296", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683296" }, { "name": "ibm-db2-cve20143094-bo(94260)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94260" }, { "name": "IT02593", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593" }, { "name": "58616", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58616" }, { "name": "IT02291", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291" }, { "name": "69550", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69550" }, { "name": "IT02594", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594" }, { "name": "IT02592", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681631", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681631" }, { "name": "60845", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60845" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3094", "datePublished": "2014-09-04T10:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": 
"2024-08-06T10:35:55.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43927 (GCVE-0-2022-43927)
Vulnerability from cvelistv5
Published
2023-02-17 16:51
Modified
2025-03-18 15:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Db2 for Linux, UNIX and Windows | 10.5, 11.1, 11.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6953759" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241671" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43927", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-18T15:43:52.927790Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-18T15:44:00.204Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1 ,11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671." } ], "value": "IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-17T16:51:38.656Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6953759" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241671" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 for Linux, UNIX and Windows information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43927", "datePublished": "2023-02-17T16:51:38.656Z", "dateReserved": "2022-10-26T15:46:22.848Z", "dateUpdated": "2025-03-18T15:44:00.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4094 (GCVE-0-2019-4094)
Vulnerability from cvelistv5
Published
2019-03-19 13:50
Modified
2024-09-17 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges (free-text problem type supplied by the CNA; the record carries no CWE identifier)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10875860" }, { "name": "ibm-db2-cve20194094-priv-escalation (158014)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158014" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2019-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/A:H/S:U/I:H/AC:L/C:H/AV:L/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-19T13:50:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10875860" }, { "name": "ibm-db2-cve20194094-priv-escalation (158014)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158014" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-03-12T00:00:00", "ID": "CVE-2019-4094", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10875860", "refsource": "CONFIRM", "title": "IBM Security Bulletin 875860 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10875860" }, { "name": "ibm-db2-cve20194094-priv-escalation (158014)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158014" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4094", "datePublished": "2019-03-19T13:50:17.326534Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:42:48.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4885 (GCVE-0-2020-4885)
Vulnerability from cvelistv5
Published
2021-06-24 18:45
Modified
2024-09-17 02:21
CWE
- Data Manipulation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition involving a symbolic link. IBM X-Force ID: 190909.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux and UNIX |
Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:58.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6466363" }, { "name": "ibm-db2-cve20204885-sym-link (190909)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190909" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux and UNIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "datePublic": "2021-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/PR:N/AC:L/S:U/C:N/UI:N/A:N/I:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T10:07:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6466363" }, { "name": "ibm-db2-cve20204885-sym-link (190909)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190909" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-23T00:00:00", "ID": "CVE-2020-4885", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux and UNIX", "version": { "version_data": [ { "version_value": "11.5" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "N", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6466363", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6466363 (DB2 for Linux and UNIX)", "url": "https://www.ibm.com/support/pages/node/6466363" }, { "name": "ibm-db2-cve20204885-sym-link (190909)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190909" }, { "name": "https://security.netapp.com/advisory/ntap-20210720-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4885", "datePublished": "2021-06-24T18:45:24.474273Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:21:01.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1426 (GCVE-0-2018-1426)
Vulnerability from cvelistv5
Published
2018-03-22 12:00
Modified
2024-09-16 21:04
CWE
- Gain Access
Summary
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139071" }, { "name": "105580", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105580" }, { "name": "1041012", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:H/PR:N/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-20T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139071" }, { "name": "105580", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105580" }, { "name": "1041012", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-03-15T00:00:00", "ID": "CVE-2018-1426", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22013756", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139071", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139071" }, { "name": "105580", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105580" }, { "name": "1041012", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041012" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1426", "datePublished": "2018-03-22T12:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T21:04:29.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47141 (GCVE-0-2023-47141)
Vulnerability from cvelistv5
Published
2024-01-22 20:07
Modified
2025-02-13 17:14
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105497" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47141", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-23T15:44:01.653742Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:29:59.307Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264." } ], "value": "IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:24.763Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105497" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-47141", "datePublished": "2024-01-22T20:07:33.489Z", "dateReserved": "2023-10-31T00:13:19.930Z", "dateUpdated": "2025-02-13T17:14:46.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-30445 (GCVE-0-2023-30445)
Vulnerability from cvelistv5
Published
2023-07-08 18:28
Modified
2025-02-13 16:49
CWE
- CWE-20 - Improper Input Validation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5, 11.1, 11.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253357" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2_for_linux_unix_and_windows:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "db2_for_linux_unix_and_windows", "vendor": "ibm", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "11.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-30445", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-14T19:37:20.391075Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T19:38:05.502Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5, 11.1, 11.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357." 
} ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T18:06:39.191Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253357" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30445", "datePublished": "2023-07-08T18:28:41.779Z", "dateReserved": "2023-04-08T15:56:40.869Z", "dateUpdated": "2025-02-13T16:49:26.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1450 (GCVE-0-2018-1450)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-17 02:06
CWE
- File Manipulation
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | DB2 for Linux, UNIX and Windows |
Version: 10.5 Version: 10.1 Version: 9.7 Version: 11.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181450-file-overwrite(140045)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140045" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.5" }, { "status": "affected", "version": "10.1" }, { "status": "affected", "version": "9.7" }, { "status": "affected", "version": "11.1" } ] } ], "datePublic": "2018-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045." 
} ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-14T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181450-file-overwrite(140045)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140045" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-05-22T00:00:00", "ID": "CVE-2018-1450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DB2 for Linux, UNIX and Windows", "version": { "version_data": [ { "version_value": "10.5" }, { "version_value": "10.1" }, { "version_value": "9.7" }, { "version_value": "11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22016181", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "name": "1041004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041004" }, { "name": "ibm-db2-cve20181450-file-overwrite(140045)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140045" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1450", "datePublished": "2018-05-25T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T02:06:11.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-4692 (GCVE-0-2008-4692)
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
CWE
- n/a
Summary
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-db2-native-managed-unspecified(46021)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46021" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "IZ22306", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22306" }, { "name": "IZ22307", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31787" }, { "name": "IZ22287", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287" }, { "name": "ADV-2008-2893", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32368" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers 
without marking them inoperative or dropping them, which has unknown impact and attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ibm-db2-native-managed-unspecified(46021)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46021" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "IZ22306", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22306" }, { "name": "IZ22307", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307" }, { "name": "31787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31787" }, { "name": "IZ22287", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287" }, { "name": "ADV-2008-2893", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32368" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4692", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-db2-native-managed-unspecified(46021)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46021" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "name": "IZ22306", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22306" }, { "name": "IZ22307", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307" }, { "name": "31787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31787" }, { "name": "IZ22287", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287" }, { "name": "ADV-2008-2893", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "name": "32368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32368" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4692", "datePublished": "2008-10-22T17:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4329 (GCVE-0-2009-4329)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-09-17 00:21
CWE
- n/a
Summary
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IZ52083", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52083" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IZ52083", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52083" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37332" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IZ52083", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52083" }, { "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "name": "ADV-2009-3520", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "name": "37332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37332" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "name": "37759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37759" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4329", "datePublished": "2009-12-16T18:00:00Z", "dateReserved": "2009-12-16T00:00:00Z", "dateUpdated": "2024-09-17T00:21:28.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3194 (GCVE-0-2010-3194)
Vulnerability from cvelistv5
Published
2010-08-31 21:00
Modified
2024-08-07 03:03
CWE
- n/a
Summary
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-2225", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "oval:org.mitre.oval:def:13841", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13841" }, { "name": "IC65762", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762" }, { "name": "IC65749", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749" }, { "name": "41218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41218" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "IC65756", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "db2-db2dart-priv-escalation(61445)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61445" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-27T00:00:00", "descriptions": [ { "lang": 
"en", "value": "The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2010-2225", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "oval:org.mitre.oval:def:13841", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13841" }, { "name": "IC65762", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762" }, { "name": "IC65749", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749" }, { "name": "41218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41218" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "IC65756", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "db2-db2dart-priv-escalation(61445)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61445" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": 
"CVE-2010-3194", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-2225", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "name": "oval:org.mitre.oval:def:13841", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13841" }, { "name": "IC65762", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762" }, { "name": "IC65749", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749" }, { "name": "41218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41218" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "name": "IC65756", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756" }, { "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "refsource": "CONFIRM", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "name": "db2-db2dart-priv-escalation(61445)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61445" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3194", "datePublished": "2010-08-31T21:00:00", "dateReserved": "2010-08-31T00:00:00", "dateUpdated": "2024-08-07T03:03:18.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45663 (GCVE-0-2024-45663)
Vulnerability from cvelistv5
Published
2024-11-21 00:22
Modified
2024-12-20 13:06
CWE
- CWE-789 Uncontrolled Memory Allocation
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows |
Version: 11.1, 11.5, 12.1 cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:12.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:12.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:12.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:12.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:12.1:*:*:*:*:windows:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45663", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-21T11:37:30.920712Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-21T11:37:39.597Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-12-20T13:06:44.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20241220-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1:*:*:*:*:linux:*:*", "cpe:2.3:a:ibm:db2:12.1:*:*:*:*:unix:*:*", "cpe:2.3:a:ibm:db2:12.1:*:*:*:*:aix:*:*", "cpe:2.3:a:ibm:db2:12.1:*:*:*:*:hp-ux:*:*", "cpe:2.3:a:ibm:db2:12.1:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1, 11.5, 12.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
} ], "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "CWE 789 Uncontrolled Memory Allocation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-10T17:23:39.726Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "url": "https://www.ibm.com/support/pages/node/7175943" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Db2 denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-45663", "datePublished": "2024-11-21T00:22:03.293Z", "dateReserved": "2024-09-03T13:50:34.381Z", "dateUpdated": "2024-12-20T13:06:44.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-10-16 23:15
Modified
2024-11-21 08:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/254037 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0005/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047499 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/254037 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047499 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469", "versionEndIncluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037." 
}, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.1 y 11.5 es vulnerable a la Denegaci\u00f3n de Servicio con una consulta especialmente manipulada. ID de IBM X-Force: 254037." } ], "id": "CVE-2023-30991", "lastModified": "2024-11-21T08:01:11.953", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T23:15:10.147", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0005/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://security.netapp.com/advisory/ntap-20231116-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047499" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-17 17:15
Modified
2024-11-21 07:27
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/241671 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6953759 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/241671 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6953759 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows 10.5, 11.1 y 11.5 es vulnerable a la divulgaci\u00f3n de informaci\u00f3n debido a una gesti\u00f3n inadecuada de privilegios cuando se utiliza un acceso a tablas especialmente manipulado. ID de IBM X-Force: 241671." } ], "id": "CVE-2022-43927", "lastModified": "2024-11-21T07:27:22.227", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-17T17:15:11.333", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241671" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.ibm.com/support/pages/node/6953759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6953759" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-22 20:15
Modified
2024-11-21 08:29
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/270750 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0002/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105496 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/270750 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0002/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105496 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23E4D44-3305-407B-92C5-8190434A59DC", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "760B31B3-509C-49E4-BB2C-B48E33782141", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) \n\n10.5, 11.1 and 11.5\n\n could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.1, 10.5 y 11.1 podr\u00eda permitir que un usuario autenticado con privilegios CONNECT provoque una denegaci\u00f3n de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 270750." } ], "id": "CVE-2023-47158", "lastModified": "2024-11-21T08:29:52.553", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-22T20:15:47.077", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://security.netapp.com/advisory/ntap-20240307-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105496" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-11-21 11:15
Modified
2025-08-08 15:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7175943 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241220-0003/ | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E7ABF45-1720-49F0-AA78-E4C06815F3C5", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECBD1085-509F-49E6-9DB0-1015F7B63955", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AB57B8A-CE58-49FC-9DEA-E48137341283", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." 
} ], "id": "CVE-2024-45663", "lastModified": "2025-08-08T15:48:23.163", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-11-21T11:15:34.627", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7175943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20241220-0003/" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
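Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. (Note: the CVSS v2 vector in this record, AV:N/AC:M/Au:N/C:N/I:P/A:N with base score 4.3, rates only partial integrity impact, so the score alone understates the code-execution impact described here.)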
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=110495554227717&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/12733/ | Patch, Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IY62297 | ||
cve@mitre.org | http://www.nextgenss.com/advisories/db205012005H.txt | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/11404 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17617 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110495554227717&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12733/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IY62297 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nextgenss.com/advisories/db205012005H.txt | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11404 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17617 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8190EC6B-BA0D-498D-8ECB-2E37D8742A29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument." } ], "id": "CVE-2005-4870", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110495554227717\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12733/" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62297" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.nextgenss.com/advisories/db205012005H.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11404" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=bugtraq\u0026m=110495554227717\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12733/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.nextgenss.com/advisories/db205012005H.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/11404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17617" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-04 02:15
Modified
2024-11-21 08:19
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/264809 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7087149 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/264809 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7087149 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "741C6733-B8A4-4C32-B538-FB4347841242", "versionEndIncluding": "10.5.0.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "760B31B3-509C-49E4-BB2C-B48E33782141", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con un comando RUNSTATS especialmente manipulado en una tabla de 8 TB. ID de IBM X-Force: 264809." 
} ], "id": "CVE-2023-40687", "lastModified": "2024-11-21T08:19:58.510", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-04T02:15:07.077", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264809" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087149" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-26 20:15
Modified
2024-11-21 07:53
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249196 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230511-0010/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985667 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249196 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230511-0010/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985667 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196." 
} ], "id": "CVE-2023-27559", "lastModified": "2024-11-21T07:53:08.623", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-26T20:15:09.900", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249196" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985667" } ], "sourceIdentifier": 
"psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2010-09-20 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/68121 | ||
cve@mitre.org | http://secunia.com/advisories/41444 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015 | Vendor Advisory | |
cve@mitre.org | http://www.ibm.com/support/docview.wss?uid=swg21446455 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/43291 | ||
cve@mitre.org | http://www.securitytracker.com/id?1024457 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/2425 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/61872 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/68121 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41444 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21446455 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/43291 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024457 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2425 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61872 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions\u0027 owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471." }, { "lang": "es", "value": "IBM DB2 v9.7 anteriores a FP3 no realiza las descargas esperadas o invalidaciones de las funciones dependientes de una p\u00e9rdida de privilegios por los propietarios de las funciones, que permite a los usuarios remotos autenticados eludir las restricciones de acceso a trav\u00e9s de llamadas a estas funciones, una vulnerabilidad diferente de CVE-2009-3471" } ], "id": "CVE-2010-3474", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-09-20T22:00:04.250", "references": [ { "source": "cve@mitre.org", 
"url": "http://osvdb.org/68121" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41444" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/43291" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024457" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/43291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-05 21:15
Modified
2025-05-13 19:43
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232529 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A9058600-75B6-4228-9B77-C6DAF915F158", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "A7C9B6A1-749A-4388-AC61-318F79DB4519", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C7DD6EFE-C2DA-42BC-931C-4C347F49BE72", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "685E5B9C-F82E-4BF5-84D2-709CA5FB7F3A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "41FD572B-97C2-4734-BCE7-2F9D59D38C22", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "21C731C8-8712-4B60-852E-70B5EB61C43A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\n\n\nunder specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5.0 a 11.5.9 y 12.1.0 a 12.1.1 bajo configuraciones espec\u00edficas podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio debido a una liberaci\u00f3n insuficiente de recursos de memoria asignados." 
} ], "id": "CVE-2025-0915", "lastModified": "2025-05-13T19:43:01.217", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-05T21:15:46.970", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7232529" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581 | Exploit | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959 | Exploit, Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors." }, { "lang": "es", "value": "El componente Install en IBM DB2 v9.5 anterior FP5 y v9.7 anterior a FP1, configura las secuencias de comandos High Availability (HA) los permisos de archivos y la autorizaci\u00f3n de configuraci\u00f3n de manera incorrecta, lo que supone un impacto y vectores de ataque locales desconocidos." 
} ], "id": "CVE-2009-4331", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.517", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2025-04-11 00:51
Summary
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/49919 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21600837 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/54487 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49919 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21600837 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54487 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1.0.1 | |
ibm | db2 | 9.1.0.2 | |
ibm | db2 | 9.1.0.2 | |
ibm | db2 | 9.1.0.3 | |
ibm | db2 | 9.1.0.3 | |
ibm | db2 | 9.1.0.4 | |
ibm | db2 | 9.1.0.4 | |
ibm | db2 | 9.1.0.5 | |
ibm | db2 | 9.1.0.6 | |
ibm | db2 | 9.1.0.6 | |
ibm | db2 | 9.1.0.7 | |
ibm | db2 | 9.1.0.7 | |
ibm | db2 | 9.1.0.8 | |
ibm | db2 | 9.1.0.9 | |
ibm | db2 | 9.1.0.10 | |
ibm | db2 | 9.1.0.11 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5.0.1 | |
ibm | db2 | 9.5.0.2 | |
ibm | db2 | 9.5.0.2 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.4 | |
ibm | db2 | 9.5.0.4 | |
ibm | db2 | 9.5.0.5 | |
ibm | db2 | 9.5.0.6 | |
ibm | db2 | 9.5.0.7 | |
ibm | db2 | 9.5.0.8 | |
ibm | db2 | 9.5.0.9 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 10.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "04A3E057-5DD6-494F-9195-BB57BA107877", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B2D2913-079E-41D5-975D-DB62309ED9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.2:a:*:*:*:*:*:*", "matchCriteriaId": "0A7D0F90-0DEB-49BD-B753-BB832B0554CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAC88935-B62C-4510-8246-2E0E9D63DF57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "A687DD0E-0212-4F2F-AF24-8DCB3AF60C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2FAF674-6583-4BA1-BE1F-6CF14D129036", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.4:a:*:*:*:*:*:*", "matchCriteriaId": "FC4C04EA-8A95-423E-9EDC-1F29B42C8065", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1D21588-6838-48A3-86E5-1ADFE71951E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB96916D-C245-4CEA-B435-FAF4454E3251", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "C6814580-113F-498D-AC07-425C970059DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "51CE1063-6DAF-484D-A0B2-6F4D6F18B39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.7:a:*:*:*:*:*:*", "matchCriteriaId": "15E1897A-FEC0-47CB-AC32-0787A8B236B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "87956B68-68C7-4CEB-AA74-454F1DC26DBE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "252B1BCD-D326-4425-A923-B05BB32D08BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E8D741D-4F55-4BE4-ADA6-ADDAC02E5A1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8336EA8D-BD3C-4B25-80C1-A85F64328039", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "95D26FF3-1D40-49D6-A5BB-284FE1B89288", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7A2E9C9-8EB4-4127-8278-E976D4D3B7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:*", "matchCriteriaId": "DC1ED577-3F11-415F-90C8-62B9EC21CA08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E054B24-704E-4C05-8E58-3FE0A04D84EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "4C72E084-0266-4389-B8BB-202292D47DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:*", "matchCriteriaId": "008B98FD-1DE2-4323-B20E-7BD422EB6771", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E12C4D6E-7AF9-44F9-9389-F9CA7409C41F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:*", "matchCriteriaId": "8A1C889C-885B-4DB3-A5F4-89A0B1DE0F47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C13BB7FD-718B-499E-87C7-637D2A2E3D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "267FE109-013A-482E-8078-161FA0991973", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C2F30C1B-0799-49A2-BAA5-26A6030B7682", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C4E4D16-3C35-42BD-A131-AF0DFC2D20AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "9B7D92A9-BC9A-4F56-AEA6-CE06C7688070", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "3CB6E617-98EA-4944-9211-FFEE9E50FE55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors." }, { "lang": "es", "value": "Una vulnerabilidad de salto de directorio en el procedimiento almacenado SQLJ.DB2_INSTALL_JAR en IBM DB2 v9.1 antes de FP12, v9.5 hasta FP9, v9.7 hasta FP6, v9.8 hasta FP5 y v10.1 permite a atacantes remotos reemplazar los archivos JAR a trav\u00e9s de vectores no especificados.\r\n" } ], "id": "CVE-2012-2194", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-25T10:42:34.680", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/49919" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711" }, { "source": "psirt@us.ibm.com", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/54487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54487" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2025-04-09 00:30
Summary
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/29022 | ||
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043 | Patch | |
cve@mitre.org | http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/45134 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29022 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45134 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp15:*:*:*:*:*:*", "matchCriteriaId": "512B9F94-00CE-4479-B3EA-91D74097CB61", "versionEndIncluding": "8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:fp8:*:*:*:*:*:*", "matchCriteriaId": "7FC6A358-2290-4E14-B4FE-05195992C05D", "versionEndIncluding": "8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2418C923-2F94-4FAF-A9BD-D1C436308C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp10:*:*:*:*:*:*", "matchCriteriaId": "18D59696-A477-4397-BC14-4EF69DAFA262", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp11:*:*:*:*:*:*", "matchCriteriaId": "BBABCAC8-0E04-44FC-BF1A-88CACB28E644", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp12:*:*:*:*:*:*", "matchCriteriaId": "AC318EEC-AFE5-4070-8711-B6560143CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*", "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*", "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "8AEBA7BD-E897-438E-8DD5-7AB5490AB931", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "BAA746B2-AC20-49D3-B8C6-655C268CB253", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "0FEC5C8E-9B3E-457F-8871-1EB172DBA7FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "AC4145E1-A805-4E64-904C-03B0B13BADBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "281B0499-11FD-4B99-B402-B44B609469E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "385C934A-4374-491C-8A61-EBCC5E72AF24", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "286E4585-57F7-428D-B9C2-63B33FA2BF5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp9:*:*:*:*:*:*", "matchCriteriaId": "E89ACCE1-873B-4C4A-A64B-F344F96C2C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "64D7ACC0-4CF4-4B60-902C-C47DFCD097A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*", "matchCriteriaId": "55ABF9A3-7776-4C0B-A6CC-45955E42DA1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*", "matchCriteriaId": "9DF77950-22DE-4BA2-A10F-10953F6119E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*", "matchCriteriaId": "57F66472-61EC-4467-ACF6-2893BF9E4050", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*", "matchCriteriaId": "403EF6EC-9EEF-40F1-BA5C-F6211AADC9A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*", "matchCriteriaId": "2CE8E119-58C7-4BF0-9C74-93F44E4FC732", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*", "matchCriteriaId": "2F16D689-D091-47AA-96EC-6B419D4A6CD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp7:*:*:*:*:*:*", "matchCriteriaId": "AAEFCEBE-4CBC-4301-BEC6-9D9C9C3E0539", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request." 
}, { "lang": "es", "value": "IBM DB2 UDB 8.1 anterior FixPak 16, y v8.2 anterior al FixPak 9, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de instancia) a trav\u00e9s de un flujo de datos CONNECT/ATTACH manipulado que simula una petici\u00f3n cliente connect/attach V7." } ], "id": "CVE-2008-3959", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-11T01:13:47.557", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29022" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043" }, { "source": "cve@mitre.org", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45134" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-08 11:55
Modified
2025-04-12 10:46
Summary
IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/62092 | ||
psirt@us.ibm.com | http://secunia.com/advisories/62093 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21688051 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21693197 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/71006 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/97708 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62092 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62093 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21688051 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21693197 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71006 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/97708 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." }, { "lang": "es", "value": "IBM DB2 9.7 anterior a FP10, 9.8 hasta FP5, 10.1 hasta FT4, y 10.5 hasta FP4 en Linux, UNIX, y Windows, cuando immediate AUTO_REVAL est\u00e1 habilitado, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una declaraci\u00f3n ALTER TABLE manipulada." 
} ], "id": "CVE-2014-6159", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-08T11:55:02.677", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/62092" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/62093" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688051" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/71006" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97708" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-09 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199914 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20220114-0002/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6523806 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199914 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220114-0002/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6523806 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:-:*:*", "matchCriteriaId": "CC97D272-ABEE-4FA3-BE61-67AAD2A8D281", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or 
modify files. IBM X-Force ID: 199914." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00eda permitir a un usuario con autoridad DBADM acceder a otras bases de datos y leer o modificar archivos. IBM X-Force ID: 199914" } ], "id": "CVE-2021-29678", "lastModified": "2024-11-21T06:01:37.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-09T17:15:07.630", "references": [ { "source": 
"psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199914" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523806" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-21 20:04
Modified
2025-04-03 01:03
Severity ?
Summary
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending a crafted SQLJRA packet, which results in a null dereference.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/21550 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg24013114 | Patch | |
cve@mitre.org | http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/445298/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/454307/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/19586 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3328 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21550 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg24013114 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/445298/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/454307/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19586 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3328 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1.4 | |
ibm | db2 | 8.1.4 | |
ibm | db2 | 8.1.4 | |
ibm | db2 | 8.1.4 | |
ibm | db2 | 8.1.4 | |
ibm | db2 | 8.1.5 | |
ibm | db2 | 8.1.5 | |
ibm | db2 | 8.1.5 | |
ibm | db2 | 8.1.5 | |
ibm | db2 | 8.1.5 | |
ibm | db2 | 8.1.6 | |
ibm | db2 | 8.1.6 | |
ibm | db2 | 8.1.6 | |
ibm | db2 | 8.1.6 | |
ibm | db2 | 8.1.6 | |
ibm | db2 | 8.1.6c | |
ibm | db2 | 8.1.6c | |
ibm | db2 | 8.1.6c | |
ibm | db2 | 8.1.6c | |
ibm | db2 | 8.1.6c | |
ibm | db2 | 8.1.7 | |
ibm | db2 | 8.1.7 | |
ibm | db2 | 8.1.7 | |
ibm | db2 | 8.1.7 | |
ibm | db2 | 8.1.7 | |
ibm | db2 | 8.1.7b | |
ibm | db2 | 8.1.7b | |
ibm | db2 | 8.1.7b | |
ibm | db2 | 8.1.7b | |
ibm | db2 | 8.1.7b | |
ibm | db2 | 8.1.8 | |
ibm | db2 | 8.1.8 | |
ibm | db2 | 8.1.8 | |
ibm | db2 | 8.1.8 | |
ibm | db2 | 8.1.8 | |
ibm | db2 | 8.1.8a | |
ibm | db2 | 8.1.8a | |
ibm | db2 | 8.1.8a | |
ibm | db2 | 8.1.8a | |
ibm | db2 | 8.1.8a | |
ibm | db2 | 8.1.9 | |
ibm | db2 | 8.1.9 | |
ibm | db2 | 8.1.9 | |
ibm | db2 | 8.1.9 | |
ibm | db2 | 8.1.9 | |
ibm | db2 | 8.1.9a | |
ibm | db2 | 8.1.9a | |
ibm | db2 | 8.1.9a | |
ibm | db2 | 8.1.9a | |
ibm | db2 | 8.1.9a | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.10 | |
ibm | db2 | 8.10 | |
ibm | db2 | 8.10 | |
ibm | db2 | 8.12 | |
ibm | db2 | 8.12 | |
ibm | db2 | 8.12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:*:aix:*:*:*:*:*", "matchCriteriaId": "CFCC258E-BF48-4D05-805D-25F74A1BD4FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C937B416-678E-49BF-90A9-271A00DAF35C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:*:os_390:*:*:*:*:*", "matchCriteriaId": "3D57D2F4-6A8D-47E6-ADB6-A1D6FFE464C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:aix:*:*:*:*:*", "matchCriteriaId": "0864138D-6D70-4D85-A623-570CF08FC8A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "3E6D6AF7-1083-45B6-8EEF-1C80CC4479FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:linux:*:*:*:*:*", "matchCriteriaId": "0A847132-100A-4109-B890-803D297CB0C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:solaris:*:*:*:*:*", "matchCriteriaId": "98CA5DB1-AEB0-4F4E-A5CC-FC9F5929A29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:windows:*:*:*:*:*", "matchCriteriaId": "7AAB0F57-3E37-4604-842F-372A963CCDF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:aix:*:*:*:*:*", "matchCriteriaId": "E1A207FA-1E31-4E62-B0B5-EF86F4627692", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "C9321C42-CAF0-4079-9389-17B2E3AE34D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:linux:*:*:*:*:*", "matchCriteriaId": "70FDFE4D-769C-4C7A-BCC7-217E05E5AED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:solaris:*:*:*:*:*", "matchCriteriaId": "F0898B3F-D18E-45CF-9D82-CCBC820727EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:windows:*:*:*:*:*", "matchCriteriaId": "F441845B-9E1F-491C-A5D9-816F6649F00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:aix:*:*:*:*:*", "matchCriteriaId": "DD4D9995-B739-4C5D-92C7-372B9AB2BD58", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "7FA427F3-DD47-4359-8514-F02C398A8E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:linux:*:*:*:*:*", "matchCriteriaId": "A220316D-6D0C-47A7-994E-1D8A2CF5D628", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:solaris:*:*:*:*:*", "matchCriteriaId": "1C64CAA9-5BE7-4600-AF7E-9CE480861BF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:windows:*:*:*:*:*", "matchCriteriaId": "E076BD5E-5A25-4EBA-BC8F-FDE8D63FA595", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:aix:*:*:*:*:*", "matchCriteriaId": "0861D4F3-46F1-4A9F-B2A9-4A6756E9706C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "CB16643D-7BD5-41F3-AA61-F6640EDE22CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:linux:*:*:*:*:*", "matchCriteriaId": "29EED40E-A3A2-4F25-8627-2FF60C94BC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:solaris:*:*:*:*:*", "matchCriteriaId": "E75FED7D-2B5C-4C7D-AF3A-956F2FF8C149", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:windows:*:*:*:*:*", "matchCriteriaId": "BE40BCCF-93BB-4B32-8E55-0BD9532E3BF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:aix:*:*:*:*:*", "matchCriteriaId": "5E0C7B84-66C4-4FE5-9412-FBD5DBB4323E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "46320B9E-3FA7-4AF6-80ED-7A89C2678F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:linux:*:*:*:*:*", "matchCriteriaId": "32041E5A-2DF1-46FA-A520-FFD451AE30BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:solaris:*:*:*:*:*", "matchCriteriaId": "43A1F69A-49B6-43E5-A0E2-2572EBBB49C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:windows:*:*:*:*:*", "matchCriteriaId": "F05D503A-106D-4192-A1E4-BDB5535ACC4E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.1.7:*:aix:*:*:*:*:*", "matchCriteriaId": "38F090EF-53EE-4F21-9B8B-C8C42AD4C121", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "828C5C06-4711-4C57-9657-3CAAAF76DCF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:linux:*:*:*:*:*", "matchCriteriaId": "BF84E6DF-D9E3-4835-BCE1-2B47DB9DC5E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:solaris:*:*:*:*:*", "matchCriteriaId": "A7C1ED00-7D98-4F8E-B6A8-C9C16B27196E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:windows:*:*:*:*:*", "matchCriteriaId": "7757DA05-C0A8-49EC-99D4-99AE95CBB2D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:aix:*:*:*:*:*", "matchCriteriaId": "3C334DEF-07A5-4377-85C1-D3623A0904FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "9E1A0923-FCFB-4669-B3C7-7EC65B7CA288", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:linux:*:*:*:*:*", "matchCriteriaId": "34F3CA5A-9FBF-4B35-851D-7A2D6FB0613F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:solaris:*:*:*:*:*", "matchCriteriaId": "9CF93B79-4866-448C-A230-4C2F8AAB467B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:windows:*:*:*:*:*", "matchCriteriaId": "6EFCAD6F-4741-41B9-AE3E-5F02B8DD90C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8:*:aix:*:*:*:*:*", "matchCriteriaId": "E70C9CA6-890A-4E8D-A625-82538402D336", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "07F0C470-B9D9-4327-A918-FEAEC1BF9436", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8:*:linux:*:*:*:*:*", "matchCriteriaId": "5D454393-D17F-48DB-84DA-05E61D8805F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8:*:solaris:*:*:*:*:*", "matchCriteriaId": "61C20E8F-04F8-4609-BC49-C71A2C01739C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.1.8:*:windows:*:*:*:*:*", "matchCriteriaId": "4ADB7290-1954-4873-9B90-772704B2177C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:aix:*:*:*:*:*", "matchCriteriaId": "2D5AB9D5-D732-4C6C-9BCC-6DBA3809780B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "33A46387-BA75-4ECE-AFC0-EF69425E0940", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:linux:*:*:*:*:*", "matchCriteriaId": "7EAD4BCC-88F8-4ED8-A5ED-4E5EFC66CDAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:solaris:*:*:*:*:*", "matchCriteriaId": "4540F5C4-B859-4AFD-88ED-029700785D15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:windows:*:*:*:*:*", "matchCriteriaId": "6A224945-8A17-4DBD-BB14-8E8BD476A904", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:aix:*:*:*:*:*", "matchCriteriaId": "8944A5FC-6258-4740-9373-491F8C41DD35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "C99162AE-739B-497B-94B2-7EEA79C5812D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:linux:*:*:*:*:*", "matchCriteriaId": "5D1B08DC-F52B-439B-827D-4BE4ECA78A55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:solaris:*:*:*:*:*", "matchCriteriaId": "4313BEDA-BCC5-47E6-934B-58AE8DD21FD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:windows:*:*:*:*:*", "matchCriteriaId": "D3DE2356-73EB-47D4-BEEF-E9AB8B1FF0FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9a:*:aix:*:*:*:*:*", "matchCriteriaId": "4C3AA6C4-7700-4637-8B75-ABED7D8993A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9a:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "E9A95C89-E9CC-49A2-8395-F3D89774966D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9a:*:linux:*:*:*:*:*", "matchCriteriaId": "B730265C-358D-4BBF-8B40-48D943114E3C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.1.9a:*:solaris:*:*:*:*:*", "matchCriteriaId": "719F646C-3958-4469-9C17-430E394E8D70", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9a:*:windows:*:*:*:*:*", "matchCriteriaId": "86D936F6-2DC0-4BC3-943E-A5C9F2319206", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:*:linux:*:*:*:*:*", "matchCriteriaId": "67C33265-E3BC-406B-9986-E977CDE768FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.10:*:linux:*:*:*:*:*", "matchCriteriaId": "7ED5600A-BD0C-4E48-A8B5-6833883A8981", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.10:*:solaris:*:*:*:*:*", "matchCriteriaId": "1CD16421-5F61-46EB-B23C-2267DA0B5FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.10:*:windows:*:*:*:*:*", "matchCriteriaId": "F680EF69-C60C-482A-A301-E335EBB34217", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.12:*:linux:*:*:*:*:*", "matchCriteriaId": "4CC41143-ADD4-47D0-876A-5C3AB6E94CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.12:*:solaris:*:*:*:*:*", "matchCriteriaId": "00C357A5-DCAF-4F5C-9B83-144D0AB74F02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.12:*:windows:*:*:*:*:*", "matchCriteriaId": "47D6DC83-FEBC-4C0B-A774-C55775BB2DF6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference." 
}, { "lang": "es", "value": "IBM DB2 Universal Database (UDB) anterior a 8.1 FixPak 13 permite a atacantes autenticados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda) (1) enviando el primer comando ACCSEC sin un par\u00e1metro RDBNAM durante el proceso de conexi\u00f3n (CONNECT), o (2) enviando paquetes SQLJRA manipulados, lo cual resulta en una referencia a nulo." } ], "id": "CVE-2006-4257", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-21T20:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21550" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013114" }, { "source": "cve@mitre.org", "url": "http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445298/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/454307/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19586" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445298/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454307/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3328" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:14
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/262613 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0007/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047489 | Not Applicable | |
nvd@nist.gov | https://www.ibm.com/support/pages/node/7047554 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/262613 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047489 | Not Applicable |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469", "versionEndIncluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a una Denegaci\u00f3n de Servicio con una declaraci\u00f3n SQL especialmente manipulada. ID de IBM X-Force: 262613." 
} ], "id": "CVE-2023-38740", "lastModified": "2024-11-21T08:14:09.197", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T22:15:12.057", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Not Applicable" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "source": "nvd@nist.gov", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.ibm.com/support/pages/node/7047489" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856 | Vendor Advisory | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack." 
}, { "lang": "es", "value": "El componente Install en IBM DB2 UDB v9.5 anterior a FP6a sobre Linux, UNIX y Windows, tiene una limitaci\u00f3n en el n\u00famero de caracteres en la longitud de una contrase\u00f1a, lo que facilita a atacantes acceder a trav\u00e9s de un ataque de fuerza bruta." } ], "id": "CVE-2010-3734", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-05T18:00:33.253", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-23 22:28
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481 | Broken Link | |
cve@mitre.org | http://osvdb.org/40971 | Broken Link | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg21255747 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.attrition.org/pipermail/vim/2007-August/001765.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/22677 | Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32652 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40971 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg21255747 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.attrition.org/pipermail/vim/2007-August/001765.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22677 | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32652 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC1FC760-D058-4DE6-80B3-F3AA22757A10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*", "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*", "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8190EC6B-BA0D-498D-8ECB-2E37D8742A29", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*", "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*", "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "05154E69-63D7-4F51-89F5-1199A3E6E074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3B729909-4377-4472-94C4-432CD89BCF7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "DC320999-569A-48AA-92B7-CDE8394BBC39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:*:*:*:*:*:*", "matchCriteriaId": "EDA7BA56-F167-4236-A725-B2F38D6B0D03", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "F97F5666-4502-437D-AA81-8C0488CD73B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:*:*:*:*:*:*", "matchCriteriaId": "6DDB5A77-3D2C-4142-9448-1542D9C99A1D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "3FFAAAD6-56E0-48FE-8D9E-13BD13D6A776", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:*:*:*:*:*:*", "matchCriteriaId": "E4C77B11-C53E-49E7-9C49-2C574390B609", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DFF6FFCD-E744-4D45-8BDD-32ADC94AD655", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9a:*:*:*:*:*:*:*", "matchCriteriaId": "4837F6EC-4E0D-480B-8DF4-BD0DA49394A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en IBM DB2 8.x anterior a 8.1 FixPak 15 y 9.1 anterior a Fix Pack 2 permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadenas largas en variables no especificadas de entorno." 
} ], "id": "CVE-2007-1088", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-23T22:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/40971" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/22677" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/40971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/22677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32652" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-23 17:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to cause a denial of service inside the "DB2 Management Service".
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/185589 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210129-0009/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6391652 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/185589 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210129-0009/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6391652 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management Service\"." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00edan permitir a un atacante local causar una denegaci\u00f3n de servicio dentro del \"DB2 Management Service\"" } ], "id": "CVE-2020-4642", "lastModified": "2024-11-21T05:33:01.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-23T17:15:13.137", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/185589" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210129-0009/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6391652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210129-0009/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6391652" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-23 21:47
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/27177 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21283031 | Patch | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg21255607 | ||
cve@mitre.org | http://www.ibm.com/support/docview.wss?uid=swg1LI72519 | ||
cve@mitre.org | http://www.securityfocus.com/bid/26450 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/3538 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/3867 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27177 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21283031 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg21255607 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg1LI72519 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26450 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3538 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3867 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp3a:*:*:*:*:*:*", "matchCriteriaId": "640963CF-2820-4FE3-BF58-4C70912B1C00", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related." }, { "lang": "es", "value": "IBM DB2 UDB versi\u00f3n 9.1 anterior a Fixpak 4, no administra apropiadamente el almacenamiento de una lista que contiene informaci\u00f3n de autenticaci\u00f3n, lo que podr\u00eda permitir a atacantes causar una denegaci\u00f3n de servicio (bloqueo de instancia) o desencadenar corrupci\u00f3n de memoria. NOTA: la descripci\u00f3n del proveedor de este problema es demasiado vaga para ser cierto que est\u00e1 relacionada con la seguridad." 
} ], "id": "CVE-2007-5652", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-23T21:47:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27177" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?rs=71\u0026uid=swg21283031" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=swg1LI72519" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26450" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3538" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/27177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-1.ibm.com/support/docview.wss?rs=71\u0026uid=swg21283031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg1LI72519" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3867" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/109024 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158519 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880737 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109024 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158519 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880737 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1.0.0 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.6 | |
ibm | db2 | 10.5.0.0 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.8 | |
ibm | db2 | 10.5.0.9 | |
ibm | db2 | 10.5.0.10 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.1.1 | |
ibm | db2 | 11.1.2.2 | |
ibm | db2 | 11.1.3.3 | |
ibm | db2 | 11.1.4.4 | |
hp | hp-ux | - | |
ibm | aix | - | |
linux | linux_kernel | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E19D90B2-0B71-498B-8428-B27950E1D2A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB95E38-7A78-4798-B0E2-814DAE1153A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1B95F778-8E2B-4A6D-BA3B-254F87B492BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "62B40593-EA0D-4134-BBA0-35DA70D3C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "177780EE-76F9-41D9-83C9-48C5DFCF8702", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E38BC34-066B-4B4D-929F-4E5C6BCB1442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "23910ECC-960A-44DF-BA8D-C1553D088EAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.1 es vulnerable a un desbordamiento de b\u00fafer, lo que podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en el sistema como root. IBM X-Force ID: 158519." } ], "id": "CVE-2019-4154", "lastModified": "2024-11-21T04:43:15.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-01T15:15:12.227", "references": [ { 
"source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109024" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880737" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880737" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-21 13:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/105390 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1042175 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/146369 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729983 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105390 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042175 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/146369 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729983 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podr\u00eda permitir a un usuario local obtener privilegios debido a que se permite la modificaci\u00f3n de columnas en tareas existentes. IBM X-Force ID: 146369." 
} ], "id": "CVE-2018-1711", "lastModified": "2024-11-21T04:00:14.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-21T13:29:00.983", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105390" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042175" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/146369" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729983" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity: 2.1 LOW (CVSS v2.0, AV:N/AC:H/Au:S/C:N/I:N/A:P; source nvd@nist.gov, Primary)
Summary
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417 | Vendor Advisory | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"Query Compiler, Rewrite, Optimizer\" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time." 
}, { "lang": "es", "value": "El componente Query Compiler, Rewrite, Optimizer en IBM DB2 UDB v9.5 anterior a FP6a, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una petici\u00f3n que involucra a determinadas vistas UNION ALL, lo que conduce un tiempo de compilaci\u00f3n muy elevado o indefinido." } ], "id": "CVE-2010-3735", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-05T18:00:33.317", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-25 20:55
Modified
2025-04-11 00:51
Severity: 9.0 HIGH (CVSS v2.0, AV:N/AC:L/Au:S/C:C/I:C/A:C; source nvd@nist.gov, Primary)
Summary
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21611040 | Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/77924 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21611040 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/77924 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2_connect | 10.1 | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_7 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_vista | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A610D9B-35CC-4D39-A2D7-C6E56DA82780", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field." 
}, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en el m\u00f3dulo UTL_FILE en IBM DB2 y DB2 Connect v10.1 antes de FP1 en Windows permite a usuarios remotos autenticados modificar, eliminar o leer archivos de su elecci\u00f3n a trav\u00e9s de una ruta en el campo Archivo (\u0027file\u0027).\r\n" } ], "id": "CVE-2012-3324", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-25T20:55:01.253", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611040" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77924" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-24 19:15
Modified
2024-11-21 06:01
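Severity: 7.5 HIGH (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; source nvd@nist.gov, Primary); 7.5 HIGH (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; source psirt@us.ibm.com, Secondary); 5.0 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P; source nvd@nist.gov, Primary)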
Summary
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200659 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6466371 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200659 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6466371 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659." 
}, { "lang": "es", "value": "Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor termina de forma anormal cuando se ejecuta una sentencia SELECT especialmente dise\u00f1ada. IBM X-Force ID: 200659" } ], "id": "CVE-2021-29703", "lastModified": "2024-11-21T06:01:40.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-24T19:15:08.420", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB 
Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200659" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466371" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 05:32
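Severity: 5.3 MEDIUM (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; source nvd@nist.gov, Primary); 5.3 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; source psirt@us.ibm.com, Secondary); 5.0 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P; source nvd@nist.gov, Primary)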
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/178507 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6242350 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/178507 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6242350 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E94B9A7-5DF7-4F52-B87F-094A50010F79", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegaci\u00f3n de servicio, causada por el manejo inapropiado de las peticiones de renegociaci\u00f3n Secure Sockets Layer (SSL). 
Mediante el env\u00edo de peticiones especialmente dise\u00f1adas, un atacante remoto podr\u00eda explotar esta vulnerabilidad para aumentar el uso de recursos en el sistema. IBM X-Force ID: 178507" } ], "id": "CVE-2020-4355", "lastModified": "2024-11-21T05:32:38.147", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-01T15:15:14.547", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/178507" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242350" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-27 16:29
Modified
2025-04-20 01:37
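Severity: 7.1 HIGH (CVSS v3.0, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H; source nvd@nist.gov, Primary); 3.6 LOW (CVSS v2.0, AV:L/AC:L/Au:N/C:N/I:P/A:P; source nvd@nist.gov, Primary)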
Summary
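IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668. Note: the description gives 9.2, but the impacted-products list for this entry enumerates DB2 9.7, 10.1, 10.5 and 11.1 and no 9.2 release, so 9.2 is presumably a typo for 9.7; confirm against the vendor advisory before scoping affected hosts.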
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003877 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/99264 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1038773 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/120668 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003877 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99264 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038773 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/120668 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | data_server_client | - | |
ibm | data_server_driver_for_odbc_and_cli | - | |
ibm | data_server_driver_package | - | |
ibm | data_server_runtime_client | - | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 11.1.0.0 | |
ibm | db2_connect | 11.1.0.0 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:data_server_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DDE6939-06D6-4DD1-BE95-E0724B72AC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:data_server_driver_for_odbc_and_cli:-:*:*:*:*:*:*:*", "matchCriteriaId": "710BA2FD-B8AD-4D5A-8626-5C5AB64F2989", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:data_server_driver_package:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FAA3FCC-ED16-4FAC-ACFB-AD9C87E98FF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:data_server_runtime_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "8021311A-FAFB-4AE7-8EEC-4D4E1C29F9B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "56AA8839-8926-40F1-BB9A-AB648DE7F272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "6ABE0FCB-8E32-4AB6-A8D8-79159FCDD889", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5D92ADEC-6ED8-4B07-AB75-204AED0BF896", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:express:*:*:*", "matchCriteriaId": "A2E6CBD8-7DD7-44F7-8F5D-D79074561AB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "5273074C-9C2F-458C-9333-BD16B59008CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:application_server:*:*:*", "matchCriteriaId": "3F75FF9A-AAAE-4EFA-B698-230B5CCD0940", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4D38B30C-4CC3-43C9-9360-0A79C36A222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:unlimited:*:*:*", 
"matchCriteriaId": "3599AC98-ACD3-4A09-9764-080A6B8F56A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "44010A01-4E33-4A6D-83DE-6235AEEE90F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F40068BF-82CC-43D5-99BC-1228337995FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "97626150-FED1-49F7-9CA5-4A5C61A5544C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "C22B49A3-FE14-4677-A141-935AE852E459", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "278FEDCA-CDE6-4EB6-BCD8-B4B0507DC9A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "B0106414-9BB7-4189-B30E-E5D2B92DCD12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:application_server:*:*:*", "matchCriteriaId": "38EB6F60-D89E-4594-A323-3F9A7751E2D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A60F310-FB14-4B46-8ECE-310B6690FD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:unlimited:*:*:*", "matchCriteriaId": "E80151B7-9F69-428F-9689-78FF8F24BF61", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, 
and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.2, 10,1, 10.5 y 11.1 (incluido DB2 Connect Server) es vulnerable a un desbordamiento de b\u00fafer que podr\u00eda permitir que un usuario local sobrescriba archivos DB2 o provoque una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 120668." } ], "id": "CVE-2017-1105", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-27T16:29:00.323", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003877" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99264" }, { "source": "psirt@us.ibm.com", "url": 
"http://www.securitytracker.com/id/1038773" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120668" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-28 04:00
Modified
2025-04-03 01:03
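Severity: HIGH (CVSS v2.0 base score 7.2, vector AV:L/AC:L/Au:N/C:C/I:C/A:C; NVD primary assessment, taken from the "metrics" block of the record below)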
Summary
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/331904 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/8346 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/12826 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/331904 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8346 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/12826 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.0 | |
ibm | db2_universal_database | 6.0 | |
ibm | db2_universal_database | 7.0 | |
ibm | db2_universal_database | 7.1 | |
ibm | db2_universal_database | 7.2 | |
ibm | db2_universal_database | 8.0 | |
ibm | db2_universal_database | 8.1 | |
ibm | db2_universal_database | 8.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFF280E6-CF00-4B71-B58A-2087D339C665", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "489B0F5D-2D6B-4599-BE7A-41A491E6318A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*", "matchCriteriaId": "6EA810DB-104E-412A-8B6E-DBB5BEE743A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*", "matchCriteriaId": "56D0096E-8145-4A36-BC18-A9C5C780D1A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*", "matchCriteriaId": "80DE2026-D9F0-4AAA-97E6-F4FB0EBDB265", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*", "matchCriteriaId": "6F180189-FA62-453A-B6F8-134FE12805EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*", "matchCriteriaId": "3DC757E1-EC37-48C5-BE72-53184624ACDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8.2:*:windows:*:*:*:*:*", "matchCriteriaId": "B4EC24E8-4E4F-4D93-88E6-B27FEB663823", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs." }, { "lang": "es", "value": "IBM DB2 7.1 y 8.1 permite al usuario bin ganar privilegios de root modificando las librer\u00edas compartidas usadas por programas con setuid de root." 
} ], "id": "CVE-2003-1052", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-28T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/331904" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8346" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/331904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-08 19:59
Modified
2025-04-20 01:37
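Severity: LOW (CVSS v3.0 base score 3.1, vector CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N; CVSS v2.0 base score 3.5, vector AV:N/AC:M/Au:S/C:P/I:N/A:N; NVD primary assessment, taken from the "metrics" block of the record below)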
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21999515 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/96597 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1037946 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21999515 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96597 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037946 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_enterprise:*:*:*", 
"matchCriteriaId": "56AA8839-8926-40F1-BB9A-AB648DE7F272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "6ABE0FCB-8E32-4AB6-A8D8-79159FCDD889", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5D92ADEC-6ED8-4B07-AB75-204AED0BF896", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:express:*:*:*", "matchCriteriaId": "A2E6CBD8-7DD7-44F7-8F5D-D79074561AB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "5273074C-9C2F-458C-9333-BD16B59008CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 10.1, 10.5 y 11.1 podr\u00eda permitir a un atacante autenticado con acceso especializado a tablas que no se deber\u00eda permitir ver. Referencia IBM #: 1999515." 
} ], "id": "CVE-2017-1150", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-08T19:59:00.317", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21999515" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/96597" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1037946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21999515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/96597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037946" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } 
], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
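Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary assessment, taken from the "metrics" block of the record below)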
Summary
The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors." }, { "lang": "es", "value": "El componente Common Code Infrastructure en IBM DB2 v9.5 anterior a FP5 y v9.7 anterior a FP1, no valida adecuadamente el tama\u00f1o del pool de memoria durante un intento de creaci\u00f3n, lo que permite a atacantes provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2009-4327", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.407", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ43772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-03 14:29
Modified
2024-11-21 04:43
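Severity: HIGH (CVSS v3.1 base score 7.8, vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, NVD primary; CVSS v3.0 base score 8.4, vector CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, psirt@us.ibm.com secondary; CVSS v2.0 base score 7.2, vector AV:L/AC:L/Au:N/C:C/I:C/A:C; all taken from the "metrics" block of the record below)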
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/155892 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10878793 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/155892 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10878793 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1.0.0 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.6 | |
ibm | db2 | 10.5.0.0 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.8 | |
ibm | db2 | 10.5.0.9 | |
ibm | db2 | 10.5.0.10 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.1.1 | |
ibm | db2 | 11.1.2.2 | |
ibm | db2 | 11.1.3.3 | |
ibm | db2 | 11.1.4.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E19D90B2-0B71-498B-8428-B27950E1D2A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB95E38-7A78-4798-B0E2-814DAE1153A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1B95F778-8E2B-4A6D-BA3B-254F87B492BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "62B40593-EA0D-4134-BBA0-35DA70D3C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "177780EE-76F9-41D9-83C9-48C5DFCF8702", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E38BC34-066B-4B4D-929F-4E5C6BCB1442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "23910ECC-960A-44DF-BA8D-C1553D088EAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows, en sus versiones 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server), son vulnerables a un desbordamiento de b\u00fafer, lo que podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en el sistema como root. 
IBM X-Force ID: 155892." } ], "id": "CVE-2019-4014", "lastModified": "2024-11-21T04:43:02.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-03T14:29:00.800", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155892" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878793" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878793" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-13 21:15
Modified
2024-11-21 07:11
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/230823 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230921-0003/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6618775 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/230823 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230921-0003/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6618775 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": 
"F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegaci\u00f3n de servicio tras introducir una sentencia SQL malformada en la herramienta Db2expln. IBM X-Force ID: 230823" } ], "id": "CVE-2022-35637", "lastModified": "2024-11-21T07:11:24.747", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-13T21:15:09.303", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230823" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230921-0003/" }, { 
"source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6618775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230921-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6618775" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:59
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016181 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041004 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140045 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016181 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041004 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140045 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podr\u00eda permitir a un usuario local sobrescribir archivos arbitrarios pertenecientes al propietario de la instancia del DB2. IBM X-Force ID: 140045." } ], "id": "CVE-2018-1450", "lastModified": "2024-11-21T03:59:50.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.497", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041004" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140045" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-31 22:00
Modified
2025-04-11 00:51
Summary
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/41218 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/2225 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/61444 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41218 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2225 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61444 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] 
}, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors." 
}, { "lang": "es", "value": "Vulnerabilidad sin especificar en el programa DB2STST en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 tiene un impacto y vectores de ataque desconocidos." } ], "id": "CVE-2010-3193", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-08-31T22:00:02.530", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41218" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/61444" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-20 14:15
Modified
2024-11-21 05:33
Summary
IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/188149 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6370023 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/188149 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6370023 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3A4627A-DD08-4ECA-854C-F38CC6799C32", "versionEndExcluding": "11.5.5.0", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149." 
}, { "lang": "es", "value": "IBM DB2 Accessories Suite para Linux, UNIX y Windows, DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00edan permitir a un atacante local autenticado ejecutar c\u00f3digo arbitrario en el sistema, causado por una vulnerabilidad de secuestro de orden de b\u00fasqueda DLL en el cliente de Microsoft Windows. Al colocar un archivo especialmente dise\u00f1ado en una carpeta comprometida, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema. IBM X-Force ID: 188149" } ], "id": "CVE-2020-4739", "lastModified": "2024-11-21T05:33:11.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-20T14:15:11.940", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188149" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6370023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6370023" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-426" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2025-04-20 01:37
Summary
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007183 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100688 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1039298 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/129829 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007183 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100688 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039298 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/129829 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36DD73C3-412C-461A-A1A4-BB760CC3C2D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D91F10-BC9A-4A20-A153-022C9207A1E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A95700FA-C64B-40D9-81C5-39A76961A89F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DF3EF9D-7FD1-46F4-A745-2C3D31B2E12F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "269C7299-D812-462D-9C4D-D36F5665789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F89A2701-5904-4DBD-8AAC-9972611CC92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B42E8C32-272B-4D9D-8479-D15D511FAAE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E32FD81-F765-4115-9977-B1913CE13106", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829." }, { "lang": "es", "value": "IBM DB2 10.5 y 11.1 es vulnerable a denegaciones de servicio. Un usuario remoto puede provocar la interrupci\u00f3n del servicio en la instalaci\u00f3n de DB2 Connect Server con una configuraci\u00f3n espec\u00edfica. IBM X-Force ID: 129829." 
} ], "id": "CVE-2017-1519", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-12T21:29:00.627", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007183" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100688" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039298" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/bid/100688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129829" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-17 01:15
Modified
2024-11-21 08:07
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/257763 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230818-0013/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010747 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/257763 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230818-0013/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010747 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763." 
} ], "id": "CVE-2023-35012", "lastModified": "2024-11-21T08:07:49.463", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-17T01:15:08.693", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257763" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230818-0013/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230818-0013/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010747" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-121" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server." 
}, { "lang": "es", "value": "Fuga de memoria en el componente Relational Data Services en IBM DB2 UDB v9.5 anterior a FP6a, cuando el concentrador de conexi\u00f3n est\u00e1 activado, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de la memoria din\u00e1mica -heap-) empleando un c\u00f3digo de p\u00e1gina diferente a la del servidor de base de datos." } ], "id": "CVE-2010-3736", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-05T18:00:33.347", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the execution of a terminate command. IBM X-Force ID: 180076.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/180076 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6242362 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/180076 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6242362 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E94B9A7-5DF7-4F52-B87F-094A50010F79", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00edan permitir a un atacante no autenticado causar una denegaci\u00f3n de servicio debido a un bloqueo en la ejecuci\u00f3n de un comando de finalizaci\u00f3n. 
IBM X-Force ID: 180076" } ], "id": "CVE-2020-4420", "lastModified": "2024-11-21T05:32:43.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-01T15:15:15.127", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242362" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242362" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-22 12:29
Modified
2024-11-21 03:59
Severity ?
6.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013756 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/103574 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041012 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/139073 | Third Party Advisory, VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013756 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103574 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041012 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/139073 | Third Party Advisory, VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073." 
}, { "lang": "es", "value": "IBM GSKit (IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1) emplea algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir que un atacante descifre informaci\u00f3n altamente sensible. IBM X-Force ID: 139073." } ], "id": "CVE-2018-1428", "lastModified": "2024-11-21T03:59:48.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-22T12:29:00.673", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103574" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041012" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139073" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-24 17:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when a table function is used. IBM X-Force ID: 221973.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20220729-0007/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6597993 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220729-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6597993 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, puede ser vulnerable a una divulgaci\u00f3n de informaci\u00f3n causada por una administraci\u00f3n inapropiada de privilegios cuando es usada la funci\u00f3n de tabla. 
IBM X-Force ID: 221973" } ], "id": "CVE-2022-22390", "lastModified": "2024-11-21T06:46:44.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-24T17:15:08.563", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6597993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6597993" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/49919 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21600837 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/54487 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49919 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21600837 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54487 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1.0.1 | |
ibm | db2 | 9.1.0.2 | |
ibm | db2 | 9.1.0.2 | |
ibm | db2 | 9.1.0.3 | |
ibm | db2 | 9.1.0.3 | |
ibm | db2 | 9.1.0.4 | |
ibm | db2 | 9.1.0.4 | |
ibm | db2 | 9.1.0.5 | |
ibm | db2 | 9.1.0.6 | |
ibm | db2 | 9.1.0.6 | |
ibm | db2 | 9.1.0.7 | |
ibm | db2 | 9.1.0.7 | |
ibm | db2 | 9.1.0.8 | |
ibm | db2 | 9.1.0.9 | |
ibm | db2 | 9.1.0.10 | |
ibm | db2 | 9.1.0.11 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5.0.1 | |
ibm | db2 | 9.5.0.2 | |
ibm | db2 | 9.5.0.2 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.4 | |
ibm | db2 | 9.5.0.4 | |
ibm | db2 | 9.5.0.5 | |
ibm | db2 | 9.5.0.6 | |
ibm | db2 | 9.5.0.7 | |
ibm | db2 | 9.5.0.8 | |
ibm | db2 | 9.5.0.9 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 10.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "04A3E057-5DD6-494F-9195-BB57BA107877", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B2D2913-079E-41D5-975D-DB62309ED9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.2:a:*:*:*:*:*:*", "matchCriteriaId": "0A7D0F90-0DEB-49BD-B753-BB832B0554CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAC88935-B62C-4510-8246-2E0E9D63DF57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "A687DD0E-0212-4F2F-AF24-8DCB3AF60C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2FAF674-6583-4BA1-BE1F-6CF14D129036", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.4:a:*:*:*:*:*:*", "matchCriteriaId": "FC4C04EA-8A95-423E-9EDC-1F29B42C8065", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1D21588-6838-48A3-86E5-1ADFE71951E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB96916D-C245-4CEA-B435-FAF4454E3251", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "C6814580-113F-498D-AC07-425C970059DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "51CE1063-6DAF-484D-A0B2-6F4D6F18B39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.7:a:*:*:*:*:*:*", "matchCriteriaId": "15E1897A-FEC0-47CB-AC32-0787A8B236B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "87956B68-68C7-4CEB-AA74-454F1DC26DBE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "252B1BCD-D326-4425-A923-B05BB32D08BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E8D741D-4F55-4BE4-ADA6-ADDAC02E5A1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8336EA8D-BD3C-4B25-80C1-A85F64328039", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "95D26FF3-1D40-49D6-A5BB-284FE1B89288", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7A2E9C9-8EB4-4127-8278-E976D4D3B7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:*", "matchCriteriaId": "DC1ED577-3F11-415F-90C8-62B9EC21CA08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E054B24-704E-4C05-8E58-3FE0A04D84EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "4C72E084-0266-4389-B8BB-202292D47DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:*", "matchCriteriaId": "008B98FD-1DE2-4323-B20E-7BD422EB6771", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E12C4D6E-7AF9-44F9-9389-F9CA7409C41F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:*", "matchCriteriaId": "8A1C889C-885B-4DB3-A5F4-89A0B1DE0F47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C13BB7FD-718B-499E-87C7-637D2A2E3D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "267FE109-013A-482E-8078-161FA0991973", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C2F30C1B-0799-49A2-BAA5-26A6030B7682", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C4E4D16-3C35-42BD-A131-AF0DFC2D20AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "9B7D92A9-BC9A-4F56-AEA6-CE06C7688070", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "3CB6E617-98EA-4944-9211-FFEE9E50FE55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en la infraestructura de procedimiento almacenado de Java (\u0027Java Stored Procedure infrastructure\u0027) en IBM DB2 v9.1 antes de FP12, v9.5 a FP9, v9.7 a FP6, v9.8 a FP5, y v10.1 permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n aprovech\u00e1ndose de ciertos privilegios CONNECT y EXECUTE.\r\n" } ], "id": "CVE-2012-2197", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-25T10:42:34.837", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/49919" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555" 
}, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/54487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54487" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-30 15:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10737295 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/106060 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1042165 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152462 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10737295 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106060 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042165 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152462 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 db2pdcfg es vulnerable a un desbordamiento de b\u00fafer basado en pila provocado por una comprobaci\u00f3n de l\u00edmites incorrecta que podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario. IBM X-Force ID: 152462." } ], "id": "CVE-2018-1897", "lastModified": "2024-11-21T04:00:33.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-30T15:29:00.220", "references": [ { "source": "psirt@us.ibm.com", 
"tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737295" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106060" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042165" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152462" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2025-02-13 17:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/253357 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/253357 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357." 
} ], "id": "CVE-2023-30445", "lastModified": "2025-02-13T17:16:24.180", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:51.957", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253357" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-27 15:30
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://attrition.org/pipermail/vim/2010-April/002341.html | ||
cve@mitre.org | http://osvdb.org/64041 | ||
cve@mitre.org | http://secunia.com/advisories/39500 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | Patch | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/0982 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/58070 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14613 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://attrition.org/pipermail/vim/2010-April/002341.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/64041 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39500 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0982 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/58070 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14613 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp8:*:*:*:*:*:*", "matchCriteriaId": "24FEC267-7EB4-4524-B6F6-265CDB6A480A", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. 
NOTE: this might overlap CVE-2010-0462." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n REPEAT en DB2 de IBM versi\u00f3n 9.1 anterior a FP9, permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (trampa) por medio de vectores no especificados. NOTA: esto podr\u00eda solaparse al CVE-2010-0462." } ], "id": "CVE-2010-1560", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-27T15:30:01.313", "references": [ { "source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2010-April/002341.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/64041" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39500" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58070" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://attrition.org/pipermail/vim/2010-April/002341.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/64041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14613" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-22 12:29
Modified
2024-11-21 03:59
Severity ?
7.4 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded, which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013756 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/105580 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041012 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/139071 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013756 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105580 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041012 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/139071 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. 
IBM X-Force ID: 139071." }, { "lang": "es", "value": "IBM GSKit (IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1) duplica el estado PRNG a lo largo de las llamadas de sistema fork() cuando se cargan m\u00faltiples instancias ICC. Esto podr\u00eda resultar en ID de sesi\u00f3n duplicados y en el riesgo de que se duplique material clave. IBM X-Force ID: 139071." } ], "id": "CVE-2018-1426", "lastModified": "2024-11-21T03:59:47.843", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2018-03-22T12:29:00.563", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105580" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041012" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139071" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-335" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the SSL handshake response. IBM X-Force ID: 193660.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/193660 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210409-0003/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6427861 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/193660 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210409-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6427861 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
netapp | oncommand_insight | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD327F40-DAD7-44C3-9E98-B742595FE95F", "versionEndExcluding": "11.1.4.6", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3A4627A-DD08-4ECA-854C-F38CC6799C32", "versionEndExcluding": "11.5.5.0", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:-:*:*:*:*:*:*", "matchCriteriaId": "77E2A7AA-6BEC-4796-8F9C-B9761445203F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp10:*:*:*:*:*:*", "matchCriteriaId": "DDB6647C-7CF0-474F-94C8-F5C7F6EE0DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "matchCriteriaId": "786B3F51-46A3-4A4C-A549-B80BA27EE3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "matchCriteriaId": "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "matchCriteriaId": "CC8D88E5-7942-4F21-B0BA-7D23F4537117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*", "matchCriteriaId": "D7A42A22-D615-4D60-8FC4-61CDF727FD54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp6:*:*:*:*:*:*", "matchCriteriaId": "8614A1E4-F2B2-4D76-B0A4-4D2C210BC6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp7:*:*:*:*:*:*", "matchCriteriaId": "BEBA2C16-A984-4DA3-953E-A3F29884ED09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp8:*:*:*:*:*:*", "matchCriteriaId": "7B4337FD-3E56-482A-B27B-079901B07226", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:fp9:*:*:*:*:*:*", "matchCriteriaId": "F1DE50F8-6817-4C72-95BA-A81268F52E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp9a:*:*:*:*:*:*", "matchCriteriaId": "BCF253DE-A7BD-4626-8CA4-63CBF527A4A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:-:*:*:*:*:*:*", "matchCriteriaId": "22019513-E605-4245-B031-05D8B0C8E3C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "71959DD4-A6DF-40CC-A1D4-4211C292D9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "AE96DEA7-95B8-487C-9ADC-ABD29942DEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "0D5B31BE-FE9D-4D12-945E-3870BB46CDF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "14A3CD2D-6CE7-40AC-B3A2-F515D08A9A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "A5466AD6-FE18-4778-9D6C-212347ECFFE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "282E708B-2FE3-4B1C-9DFC-C3BD164F3F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": 
"3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00eda permitir a un atacante no autenticado causar una denegaci\u00f3n de servicio debido a un bloqueo en la respuesta de protocolo de enlace SSL.\u0026#xa0;IBM X-Force ID: 193660" } ], "id": "CVE-2020-5024", "lastModified": "2024-11-21T05:33:34.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-11T16:15:12.847", "references": [ { 
"source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193660" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6427861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6427861" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-30 23:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html | ||
psirt@us.ibm.com | http://seclists.org/fulldisclosure/2014/Jun/7 | ||
psirt@us.ibm.com | http://secunia.com/advisories/59451 | ||
psirt@us.ibm.com | http://secunia.com/advisories/59463 | ||
psirt@us.ibm.com | http://secunia.com/advisories/60482 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=isg400001841 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=isg400001843 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21680454 | ||
psirt@us.ibm.com | http://www-304.ibm.com/support/docview.wss?uid=swg21676135 | ||
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg1IT00686 | ||
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21610582#4 | Vendor Advisory | |
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21672100 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/67617 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1030670 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1030671 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/91869 | ||
psirt@us.ibm.com | https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Jun/7 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59451 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59463 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60482 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=isg400001841 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=isg400001843 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21680454 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-304.ibm.com/support/docview.wss?uid=swg21676135 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg1IT00686 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21610582#4 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21672100 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67617 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030670 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030671 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/91869 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de b\u00fasqueda de ruta no confiable en programas no especificados (1) setuid y (2) setgid en IBM DB2 9.5, 9.7 anterior a FP9a, 9.8, 10.1 anterior a FP3a y 10.5 anterior a FP3a en Linux y UNIX permiten a usuarios locales ganar privilegios root a trav\u00e9s de una librar\u00eda caballo de troya." 
} ], "evaluatorComment": "Per http://cwe.mitre.org/data/definitions/426.html\n\n\"CWE-426: Untrusted Search Path\"", "id": "CVE-2014-0907", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-30T23:55:02.517", "references": [ { "source": "psirt@us.ibm.com", "url": "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html" }, { "source": "psirt@us.ibm.com", "url": "http://seclists.org/fulldisclosure/2014/Jun/7" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59451" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59463" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/60482" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687" }, { "source": 
"psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680454" }, { "source": "psirt@us.ibm.com", "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21676135" }, { "source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21672100" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/67617" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1030670" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1030671" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91869" }, { "source": "psirt@us.ibm.com", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2014/Jun/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60482" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21676135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IT00686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21672100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file." 
}, { "lang": "es", "value": "El componente Utilities en IBM DB2 UDB v9.5 anterior a FP6a emplea permisos de escritura para todo el mundo (world-writable) para el archivo sqllib/cfg/db2sprf, lo que podr\u00eda permitir a usuarios locales obtener privilegios mediante la modificaci\u00f3n de este archivo." } ], "id": "CVE-2010-3733", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-05T18:00:33.050", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-1488 - Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:59
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016141 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1040968 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140973 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016141 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040968 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140973 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 10.5 y 11.1 (incluido DB2 Connect Server) es vulnerable a un desbordamiento de b\u00fafer, lo que podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en el sistema como root. IBM X-Force ID: 140973." 
} ], "id": "CVE-2018-1488", "lastModified": "2024-11-21T03:59:54.967", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.760", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016141" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040968" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/140973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140973" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2023-47141 - Vulnerability from fkie_nvd
Published
2024-01-22 21:15
Modified
2024-11-21 08:29
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/270264 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105497 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/270264 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105497 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | aix | - | |
ibm | linux_on_ibm_z | - | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C382D744-D189-4F7D-B896-52C1B87F8C06", "versionEndExcluding": "11.5.9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264." }, { "lang": "es", "value": "IIBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 podr\u00eda permitir que un usuario autenticado con privilegios CONNECT provoque una denegaci\u00f3n de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 270264." 
} ], "id": "CVE-2023-47141", "lastModified": "2024-11-21T08:29:51.163", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-22T21:15:09.367", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105497" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-1922 - Vulnerability from fkie_nvd
Published
2015-07-20 01:59
Modified
2025-04-12 10:46
Severity
3.5 (Low) - CVSS 2.0 AV:N/AC:M/Au:S/C:N/I:P/A:N (nvd@nist.gov, Primary)
Summary
The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21959650 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/75911 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1032879 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21959650 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75911 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032879 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "025FA405-0FD2-4B19-8FA4-15581085BD15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F425C545-39CD-483C-97A3-BE0DC3EE63DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A6A7680-D883-414F-965B-1D6136760CA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "matchCriteriaId": "76107CFE-EB32-4AF6-9AF9-F16238F9C671", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": "7D1225B0-DBFF-4A13-93CB-1B64AF9ACE47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad en la implementaci\u00f3n de Data Movement en IBM DB2 9.7 a trav\u00e9s de FP10, 9.8 a trav\u00e9s de FP5, 10.1 anterior a FP5 y 10.5 a trav\u00e9s de FP5 en Linux, UNIX y Windows, permite a usuarios remotos autenticados evadir las restricciones de acceso previstos y eliminara filas de la tabla a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2015-1922", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-07-20T01:59:05.097", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959650" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/75911" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1032879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032879" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-1998 - Vulnerability from fkie_nvd
Published
2008-04-28 20:05
Modified
2025-04-09 00:30
Severity
8.5 (High) - CVSS 2.0 AV:N/AC:M/Au:S/C:C/I:C/A:C (nvd@nist.gov, Primary)
Summary
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/29022 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/29784 | Third Party Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/3840 | Third Party Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776 | Vendor Advisory | |
cve@mitre.org | http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/491073/100/0/threaded | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/bid/28836 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41960 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29022 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29784 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3840 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/491073/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28836 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41960 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows | * | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*", "matchCriteriaId": "72FA9A16-8AFD-4D93-95B4-EAB6E6030D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*", "matchCriteriaId": "BB299EAB-31AA-4BAA-B477-0F909A8418AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*", "matchCriteriaId": "6FD22E1E-F5BC-45D5-98F4-EDEE87D718F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*", "matchCriteriaId": "222C1B84-0C28-451F-BB02-4CB925263312", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*", "matchCriteriaId": "08177181-660C-4BF4-9031-74EE89297CE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6a:*:*:*:*:*:*", "matchCriteriaId": 
"AB51AF7F-6D09-4EEE-AE8E-E6CCF06C28E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6b:*:*:*:*:*:*", "matchCriteriaId": "64BC5E59-361E-4343-9BB9-9772D47E57B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6c:*:*:*:*:*:*", "matchCriteriaId": "A2E1FC49-96AF-4933-BBE8-71DAEAEDD855", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*", "matchCriteriaId": "0B5FF14E-2971-4F3F-AD25-D00B0FEDA08F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7a:*:*:*:*:*:*", "matchCriteriaId": "56B7F547-3519-4A12-AB65-C1768153A7DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7b:*:*:*:*:*:*", "matchCriteriaId": "FE9D14B8-5B4E-4D27-88B9-EBAC46D8282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*", "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8a:*:*:*:*:*:*", "matchCriteriaId": "6669F847-ED6A-422F-85F7-DAF9B0159F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*", "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9a:*:*:*:*:*:*", "matchCriteriaId": "E8D354AD-995D-4FC8-A7C4-7860549A1634", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter." }, { "lang": "es", "value": "El procedimiento NNSTAT (tambi\u00e9n conocido como SYSPROC.NNSTAT) en IBM DB2 8 versiones anteriores a FP16, 9.1 versiones anteriores a FP4a, y 9.5 versiones anteriores a FP1 en Windows permite a usuarios remotos autenticados sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s del par\u00e1metro log file." } ], "id": "CVE-2008-1998", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-28T20:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29022" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29784" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://securityreason.com/securityalert/3840" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/491073/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/28836" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://securityreason.com/securityalert/3840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/archive/1/491073/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/28836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41960" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-20 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21588090 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/78282 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/73494 | ||
psirt@us.ibm.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15078 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21588090 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/78282 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/73494 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15078 |
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
ibm | db2 | 9.1 | * |
ibm | db2 | 9.1 | fp1 |
ibm | db2 | 9.1 | fp10 |
ibm | db2 | 9.1 | fp2 |
ibm | db2 | 9.1 | fp2a |
ibm | db2 | 9.1 | fp3 |
ibm | db2 | 9.1 | fp3a |
ibm | db2 | 9.1 | fp4 |
ibm | db2 | 9.1 | fp4a |
ibm | db2 | 9.1 | fp5 |
ibm | db2 | 9.1 | fp6 |
ibm | db2 | 9.1 | fp6a |
ibm | db2 | 9.1 | fp7 |
ibm | db2 | 9.1 | fp7a |
ibm | db2 | 9.1 | fp8 |
ibm | db2 | 9.1 | fp9 |
ibm | db2 | 9.5 | * |
ibm | db2 | 9.5 | fp1 |
ibm | db2 | 9.5 | fp2 |
ibm | db2 | 9.5 | fp2a |
ibm | db2 | 9.5 | fp3 |
ibm | db2 | 9.5 | fp3a |
ibm | db2 | 9.5 | fp3b |
ibm | db2 | 9.5 | fp4 |
ibm | db2 | 9.5 | fp4a |
ibm | db2 | 9.5 | fp5 |
ibm | db2 | 9.5 | fp6 |
ibm | db2 | 9.5 | fp6a |
ibm | db2 | 9.5 | fp7 |
ibm | db2 | 9.5 | fp8 |
ibm | db2 | 9.7 | * |
ibm | db2 | 9.7 | fp1 |
ibm | db2 | 9.7 | fp2 |
ibm | db2 | 9.7 | fp3 |
ibm | db2 | 9.7 | fp3a |
ibm | db2 | 9.7 | fp4 |
ibm | db2 | 9.8 | * |
ibm | db2 | 9.8 | fp3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp10:*:*:*:*:*:*", "matchCriteriaId": "59E6D578-4727-4AA3-9313-97D9775AC41E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp9:*:*:*:*:*:*", "matchCriteriaId": "8C26F7EA-4A39-4244-87C9-397AE1C4B34C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*", "matchCriteriaId": "10456C00-127D-46FE-82A4-D567AB19F87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*", "matchCriteriaId": 
"E476599E-7087-4442-AED5-61DC1CA1F374", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "93F5745A-219B-48F6-95E9-85B4E516FA94", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "matchCriteriaId": "786B3F51-46A3-4A4C-A549-B80BA27EE3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "matchCriteriaId": "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "matchCriteriaId": "CC8D88E5-7942-4F21-B0BA-7D23F4537117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:fp3:*:*:*:*:*:*", "matchCriteriaId": "601CABF7-997C-4828-9292-99FFBF603F3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request." }, { "lang": "es", "value": "IBM DB2 9.1 antes de FP11, 9.5 antes de FP9, 9.7 antes de FP5, y 9.8 antes de FP4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de una solicitud Distributed Relational Database Architecture (DRDA) modificada." 
} ], "id": "CVE-2012-0710", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-20T20:55:01.240", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588090" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/78282" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73494" }, { "source": "psirt@us.ibm.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/78282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15078" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-10 00:19
Modified
2025-04-09 00:30
Severity
10.0 (High) - AV:N/AC:L/Au:N/C:C/I:C/A:C (CVSS 2.0, nvd@nist.gov)
Summary
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (3) a long packet that generates a "MemTree overflow."
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/40973 | ||
cve@mitre.org | http://osvdb.org/40975 | ||
cve@mitre.org | http://secunia.com/advisories/25148 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/search.wss?rs=0&q=IY97750&apar=only | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/482024/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/23890 | ||
cve@mitre.org | http://www.securityfocus.com/bid/26010 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018029 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018801 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1707 | Vendor Advisory | |
cve@mitre.org | http://www.zerodayinitiative.com/advisories/ZDI-07-056.html | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34184 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40973 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40975 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25148 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/search.wss?rs=0&q=IY97750&apar=only | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/482024/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23890 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26010 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018029 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018801 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1707 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-07-056.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34184 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E17F22-F4FC-4D2D-92DA-7BD9EC4F26CC", "versionEndIncluding": "9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a \"MemTree overflow.\"" }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en el servicio DB2 JDBC Applet Server (DB2JDS) en IBM DB2 versi\u00f3n 9.x y anteriores, permiten que los atacantes remotos (1) ejecuten un c\u00f3digo arbitrario por medio de un paquete creado para el servicio DB2JDS en tcp/6789; y causa una denegaci\u00f3n de servicio por medio de (2) un par\u00e1metro LANG no v\u00e1lido o (2) un paquete largo que genera un \"MemTree overflow.\"" } ], "id": "CVE-2007-2582", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-10T00:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/40973" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/40975" }, { "source": "cve@mitre.org", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/25148" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY97750\u0026apar=only" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482024/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23890" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26010" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018029" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018801" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1707" }, { "source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-056.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY97750\u0026apar=only" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482024/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34184" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-08 01:59
Modified
2025-04-12 10:46
Severity
4.0 (Medium) - AV:N/AC:L/Au:S/C:P/I:N/A:N (CVSS 2.0, nvd@nist.gov)
Summary
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698021 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/74217 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1032247 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698021 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74217 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032247 |
Impacted products
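Vendor | Product | Version | Software edition |
---|---|---|---|
ibm | db2 | 9.5 | advanced_enterprise |
ibm | db2 | 9.5 | advanced_workgroup |
ibm | db2 | 9.5 | enterprise |
ibm | db2 | 9.5 | express |
ibm | db2 | 9.5 | workgroup |
ibm | db2 | 9.7 | advanced_enterprise |
ibm | db2 | 9.7 | advanced_workgroup |
ibm | db2 | 9.7 | enterprise |
ibm | db2 | 9.7 | express |
ibm | db2 | 9.7 | workgroup |
ibm | db2 | 9.8 | advanced_enterprise |
ibm | db2 | 9.8 | advanced_workgroup |
ibm | db2 | 9.8 | enterprise |
ibm | db2 | 9.8 | express |
ibm | db2 | 9.8 | workgroup |
ibm | db2 | 10.1 | advanced_enterprise |
ibm | db2 | 10.1 | advanced_workgroup |
ibm | db2 | 10.1 | enterprise |
ibm | db2 | 10.1 | express |
ibm | db2 | 10.1 | workgroup |
ibm | db2 | 10.5 | advanced_enterprise |
ibm | db2 | 10.5 | advanced_workgroup |
ibm | db2 | 10.5 | enterprise |
ibm | db2 | 10.5 | express |
ibm | db2 | 10.5 | workgroup |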
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "7D6DD3FF-5AD3-4D39-9CEE-838630A45C61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "AD3706B1-232E-411A-9F42-452CEF827341", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0AEA6FC2-8A75-4C22-92B8-8F7243B20886", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:express:*:*:*", "matchCriteriaId": "70DD1608-0865-451C-989C-67D7E7FDADBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "55AB0632-CDAF-43CB-A614-33E5687D6A45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "025FA405-0FD2-4B19-8FA4-15581085BD15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F425C545-39CD-483C-97A3-BE0DC3EE63DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A6A7680-D883-414F-965B-1D6136760CA5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "matchCriteriaId": "76107CFE-EB32-4AF6-9AF9-F16238F9C671", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": "7D1225B0-DBFF-4A13-93CB-1B64AF9ACE47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, 
which allows remote authenticated users to obtain sensitive information via commands associated with these facilities." }, { "lang": "es", "value": "IBM DB2 9.5 hasta 10.5 en Linux, UNIX, y Windows almacena contrase\u00f1as durante el procesamiento de ciertas declaraciones SQL mediante las instalaciones de monitorizaci\u00f3n y auditoria, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de comandos asociados con estas instalaciones." } ], "id": "CVE-2014-0919", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-05-08T01:59:00.080", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/74217" }, { "source": "psirt@us.ibm.com", "url": 
"http://www.securitytracker.com/id/1032247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032247" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:53
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249514 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230803-0006/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010029 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249514 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230803-0006/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010029 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514." 
} ], "id": "CVE-2023-27867", "lastModified": "2024-11-21T07:53:36.297", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:50.060", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249514" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-94" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155893.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/155893 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/155893 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows, en sus versiones 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server), es vulnerable a un desbordamiento de b\u00fafer, lo que podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en el sistema como root. IBM X-Force ID: 155893." } ], "id": "CVE-2019-4015", "lastModified": "2024-11-21T04:43:02.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-11T22:29:01.110", "references": [ 
{ "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155893" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-20 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21588098 | Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/73496 | ||
psirt@us.ibm.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21588098 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/73496 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*", "matchCriteriaId": "10456C00-127D-46FE-82A4-D567AB19F87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "E476599E-7087-4442-AED5-61DC1CA1F374", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "93F5745A-219B-48F6-95E9-85B4E516FA94", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "matchCriteriaId": "786B3F51-46A3-4A4C-A549-B80BA27EE3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "matchCriteriaId": "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "matchCriteriaId": "CC8D88E5-7942-4F21-B0BA-7D23F4537117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*", "matchCriteriaId": "D7A42A22-D615-4D60-8FC4-61CDF727FD54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:fp3:*:*:*:*:*:*", "matchCriteriaId": "601CABF7-997C-4828-9292-99FFBF603F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:fp4:*:*:*:*:*:*", "matchCriteriaId": "B5133944-390D-4CEF-86EB-587A5D27F940", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression." }, { "lang": "es", "value": "La funci\u00f3n de XML en IBM DB2 v9.5 antes de FP9, v9.7 hasta FP5, y v9.8 hasta FP4 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (bucle infinito) llamando a la funci\u00f3n XMLPARSE con una expresi\u00f3n de cadena modificada." 
} ], "id": "CVE-2012-0712", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-20T20:55:01.397", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588098" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73496" }, { "source": "psirt@us.ibm.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/73496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-14 18:15
Modified
2024-08-23 18:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/292639 | Not Applicable | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7165342 | Not Applicable |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "matchCriteriaId": "51CDD6A3-B1B6-4A21-AC60-2BC4761B527C", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "09EB63CF-B13D-4BB6-9554-F7C243A95F10", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "0DDA0DE9-A4AD-41D8-9649-3303569EA9A4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9907B0C1-3852-43B3-88D3-269DA5D3B5FA", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "matchCriteriaId": "35FE6D87-9C5F-446E-8953-8A3B2FCD0A53", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory 
allocation. IBM X-Force ID: 294295." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5 podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio con una consulta especialmente manipulada debido a una asignaci\u00f3n de memoria incorrecta. ID de IBM X-Force: 294295." } ], "id": "CVE-2024-37529", "lastModified": "2024-08-23T18:55:48.257", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-14T18:15:12.470", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Not Applicable" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292639" }, { "source": "psirt@us.ibm.com", "tags": [ "Not Applicable" ], "url": "https://www.ibm.com/support/pages/node/7165342" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-12 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/62092 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21690787 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21693197 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/71729 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1034571 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/98684 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62092 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21690787 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21693197 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71729 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034571 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/98684 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement." }, { "lang": "es", "value": "IBM DB2 9.5 hasta FP10, 9.7 hasta FP10, 9.8 hasta FP5, 10.1 hasta FP4, y 10.5 anterior a FP5 en Linux, UNIX, y Windows permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante la especificaci\u00f3n de una columna de identidad dentro de una declaraci\u00f3n ALTER TABLE manipulada." 
} ], "id": "CVE-2014-6209", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-12T16:59:00.067", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/62092" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690787" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/71729" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1034571" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98684" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-12-19 02:15
Modified
2025-01-31 15:27
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010557 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con una consulta especialmente manipulada." } ], "id": "CVE-2023-30443", "lastModified": "2025-01-31T15:27:38.890", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-12-19T02:15:22.223", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | http://osvdb.org/48144 | ||
cve@mitre.org | http://secunia.com/advisories/31787 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134 | ||
cve@mitre.org | http://www.securityfocus.com/bid/31058 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/45133 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/48144 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31787 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31058 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45133 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp16:*:*:*:*:*:*", "matchCriteriaId": "8A94F484-424C-4DF3-9327-95CFC7B4A83E", "versionEndIncluding": "8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC1FC760-D058-4DE6-80B3-F3AA22757A10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*", "matchCriteriaId": "72FA9A16-8AFD-4D93-95B4-EAB6E6030D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*", "matchCriteriaId": "BB299EAB-31AA-4BAA-B477-0F909A8418AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*", "matchCriteriaId": "6FD22E1E-F5BC-45D5-98F4-EDEE87D718F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*", "matchCriteriaId": "222C1B84-0C28-451F-BB02-4CB925263312", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*", "matchCriteriaId": "08177181-660C-4BF4-9031-74EE89297CE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6a:*:*:*:*:*:*", "matchCriteriaId": "AB51AF7F-6D09-4EEE-AE8E-E6CCF06C28E4", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:8.0:fp6b:*:*:*:*:*:*", "matchCriteriaId": "64BC5E59-361E-4343-9BB9-9772D47E57B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6c:*:*:*:*:*:*", "matchCriteriaId": "A2E1FC49-96AF-4933-BBE8-71DAEAEDD855", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*", "matchCriteriaId": "0B5FF14E-2971-4F3F-AD25-D00B0FEDA08F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7a:*:*:*:*:*:*", "matchCriteriaId": "56B7F547-3519-4A12-AB65-C1768153A7DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7b:*:*:*:*:*:*", "matchCriteriaId": "FE9D14B8-5B4E-4D27-88B9-EBAC46D8282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*", "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8a:*:*:*:*:*:*", "matchCriteriaId": "6669F847-ED6A-422F-85F7-DAF9B0159F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*", "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9a:*:*:*:*:*:*", "matchCriteriaId": "E8D354AD-995D-4FC8-A7C4-7860549A1634", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959." }, { "lang": "es", "value": "IBM DB2 UDB 8 antes del Fixpak 17 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la instancia) mediante una cadena de datos CONNECT/ATTACH manipulada que simula una petici\u00f3n de cliente V7 conectar/adjuntar. NOTA: esto podr\u00eda superponerse con CVE-2008-3858. 
NOTA: este problema existe debido a un parche incompleto para CVE-2008-3959." } ], "evaluatorComment": "http://secunia.com/advisories/31787\r\n\r\nSome vulnerabilities have been reported in DB2, where some have an unknown impact and others can be exploited by malicious users to perform certain actions with escalated privileges, and by malicious people to cause a DoS or potentially compromise a vulnerable system.", "id": "CVE-2008-3958", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-11T01:13:47.523", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/48144" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31787" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31058" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/48144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45133" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156567 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880735 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156567 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880735 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1.0.0 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.6 | |
ibm | db2 | 10.5.0.0 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.8 | |
ibm | db2 | 10.5.0.9 | |
ibm | db2 | 10.5.0.10 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.1.1 | |
ibm | db2 | 11.1.2.2 | |
ibm | db2 | 11.1.3.3 | |
ibm | db2 | 11.1.4.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E19D90B2-0B71-498B-8428-B27950E1D2A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB95E38-7A78-4798-B0E2-814DAE1153A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1B95F778-8E2B-4A6D-BA3B-254F87B492BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "62B40593-EA0D-4134-BBA0-35DA70D3C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "177780EE-76F9-41D9-83C9-48C5DFCF8702", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E38BC34-066B-4B4D-929F-4E5C6BCB1442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "23910ECC-960A-44DF-BA8D-C1553D088EAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.1 podr\u00eda permitir que un usuario malintencionado con acceso a la cuenta de la instancia de DB2 aproveche un proceso de ejecuci\u00f3n cercado para ejecutar c\u00f3digo arbitrario como root. ID de IBM X-Force: 156567." } ], "id": "CVE-2019-4057", "lastModified": "2024-11-21T04:43:06.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2019-07-01T15:15:11.927", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880735" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155894.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/155894 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/155894 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows, en sus versiones 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server), es vulnerable a un desbordamiento de b\u00fafer, lo que podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en el sistema como root. IBM X-Force ID: 155894." } ], "id": "CVE-2019-4016", "lastModified": "2024-11-21T04:43:03.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-11T22:29:01.173", "references": [ 
{ "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155894" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 19:15
Modified
2025-08-06 19:42
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240943 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "matchCriteriaId": "FB68EACE-0F80-448C-962E-756CF3FF6734", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "matchCriteriaId": "BB83F549-7120-4B17-9172-F338FD427F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*", "matchCriteriaId": "703CB3FF-6DB5-432E-B469-2A90A33A5F2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\n\n\nis vulnerable to denial of service with a specially crafted query under certain non-default conditions." }, { "lang": "es", "value": "IBM Db2 para Linux 12.1.0, 12.1.1 y 12.1.2 es vulnerable a la denegaci\u00f3n de servicio con una consulta especialmente manipulada en determinadas condiciones no predeterminadas." } ], "id": "CVE-2025-33114", "lastModified": "2025-08-06T19:42:05.953", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2025-07-29T19:15:45.647", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240943" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-943" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 08:00
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/252184 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010565 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/252184 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010565 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184." 
} ], "id": "CVE-2023-30431", "lastModified": "2024-11-21T08:00:10.273", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:51.817", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252184" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010565" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-119" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:59
Severity ?
7.4 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016140 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1040969 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/141624 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016140 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040969 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/141624 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 10.5 y 11.1 (incluido DB2 Connect Server) en condiciones espec\u00edficas o inusuales, podr\u00eda permitir que un usuario local desborde un b\u00fafer, lo que puede resultar en un escalado de privilegios al propietario de la instancia DB2. IBM X-Force ID: 141624." 
} ], "id": "CVE-2018-1515", "lastModified": "2024-11-21T03:59:56.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.807", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016140" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040969" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141624" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-29 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/58479 | ||
cve@mitre.org | http://secunia.com/advisories/36890 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21403619 | ||
cve@mitre.org | http://www.securityfocus.com/bid/36540 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/58479 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36890 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21403619 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36540 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors." }, { "lang": "es", "value": "IBM DB2 v9.1 anterior a FP8 no requiere el privilegio SETSESSIONUSER para la sentencia SET SESSION AUTHORIZATION, lo que tiene un impacto y vectores de ataque no especificados." 
} ], "id": "CVE-2009-3473", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-29T21:30:00.390", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/58479" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36890" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/58479" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36540" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-23 22:28
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481 | Broken Link | |
cve@mitre.org | http://osvdb.org/40970 | Broken Link | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg21255747 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.attrition.org/pipermail/vim/2007-August/001765.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/22677 | Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32651 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40970 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg21255747 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.attrition.org/pipermail/vim/2007-August/001765.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22677 | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32651 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC1FC760-D058-4DE6-80B3-F3AA22757A10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*", "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*", "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8190EC6B-BA0D-498D-8ECB-2E37D8742A29", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*", "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*", "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "05154E69-63D7-4F51-89F5-1199A3E6E074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3B729909-4377-4472-94C4-432CD89BCF7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "DC320999-569A-48AA-92B7-CDE8394BBC39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:*:*:*:*:*:*", "matchCriteriaId": "EDA7BA56-F167-4236-A725-B2F38D6B0D03", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "F97F5666-4502-437D-AA81-8C0488CD73B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:*:*:*:*:*:*", "matchCriteriaId": "6DDB5A77-3D2C-4142-9448-1542D9C99A1D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "3FFAAAD6-56E0-48FE-8D9E-13BD13D6A776", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:*:*:*:*:*:*", "matchCriteriaId": "E4C77B11-C53E-49E7-9C49-2C574390B609", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DFF6FFCD-E744-4D45-8BDD-32ADC94AD655", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9a:*:*:*:*:*:*:*", "matchCriteriaId": "4837F6EC-4E0D-480B-8DF4-BD0DA49394A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow." }, { "lang": "es", "value": "IBM DB2 8.x anterior a 8.1 FixPak 15 y 9.1 anterior a Fix Pack 2 no finaliza adecuadamente ciertas cadenas de entrada, lo cual permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de variables de entorno no especificadas que disparan un desbordamiento de b\u00fafer basado en mont\u00edculo." 
} ], "id": "CVE-2007-1087", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-23T22:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/40970" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/22677" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/40970" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/22677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32651" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62501 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62501 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en db2licm en el componente Engine Utilities en IBM DB2 v9.5 anterior a FP5 tiene un impacto y vectores de ataque desconocidos." 
} ], "id": "CVE-2009-4330", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.483", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62501" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-22 20:15
Modified
2025-06-20 19:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code by installing like-named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like-named jar file in another database. IBM X-Force ID: 249205.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249205 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0002/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105503 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249205 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0002/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105503 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23E4D44-3305-407B-92C5-8190434A59DC", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "760B31B3-509C-49E4-BB2C-B48E33782141", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205." 
}, { "lang": "es", "value": "IBM Db2 10.1, 10.5 y 11.1 podr\u00eda permitir que un usuario remoto ejecute c\u00f3digo arbitrario causado por la instalaci\u00f3n de archivos jar con nombres similares en m\u00faltiples bases de datos. Un usuario podr\u00eda aprovechar esto instalando un archivo jar malicioso que sobrescriba el archivo jar existente con el mismo nombre en otra base de datos. ID de IBM X-Force: 249205." } ], "id": "CVE-2023-27859", "lastModified": "2025-06-20T19:15:21.503", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-22T20:15:46.550", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/249205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105503" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-21 13:29
Modified
2024-11-21 04:00
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/105395 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041671 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145502 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729979 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105395 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041671 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145502 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729979 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 contiene una vulnerabilidad en db2cacpy que podr\u00eda permitir que un usuario local lea cualquier archivo en el sistema. IBM X-Force ID: 145502." 
} ], "id": "CVE-2018-1685", "lastModified": "2024-11-21T04:00:12.173", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-21T13:29:00.623", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105395" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041671" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145502" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105395" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1041671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729979" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-20 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07103 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07107 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07108 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07109 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21697987 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/75947 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1032882 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07103 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07107 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07108 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07109 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21697987 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75947 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032882 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "025FA405-0FD2-4B19-8FA4-15581085BD15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F425C545-39CD-483C-97A3-BE0DC3EE63DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A6A7680-D883-414F-965B-1D6136760CA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "matchCriteriaId": "76107CFE-EB32-4AF6-9AF9-F16238F9C671", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": "7D1225B0-DBFF-4A13-93CB-1B64AF9ACE47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement." }, { "lang": "es", "value": "Vulnerabilidad en IBM DB2 9.7 a trav\u00e9s de FP10, 9.8 a trav\u00e9s de FP5, 10.1 anterior a FP5 y 10.5 a trav\u00e9s de FP5 en Linux, UNIX y Windows permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) aprovechando una funci\u00f3n escalar no especificada en una sentencia SQL." 
} ], "id": "CVE-2015-0157", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-07-20T01:59:03.253", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07103" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07107" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07108" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07109" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697987" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/75947" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1032882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07109" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032882" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-28 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT12462 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT12487 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT12488 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT13350 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21979984 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/85979 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1035660 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT12462 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT12487 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT12488 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT13350 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21979984 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/85979 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035660 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8.0.1 | |
ibm | db2 | 9.8.0.1 | |
ibm | db2 | 9.8.0.1 | |
ibm | db2 | 9.8.0.1 | |
ibm | db2 | 9.8.0.1 | |
ibm | db2 | 9.8.0.1 | |
ibm | db2 | 9.8.0.2 | |
ibm | db2 | 9.8.0.2 | |
ibm | db2 | 9.8.0.2 | |
ibm | db2 | 9.8.0.2 | |
ibm | db2 | 9.8.0.2 | |
ibm | db2 | 9.8.0.2 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2_connect | 9.8 | |
ibm | db2_connect | 9.8 | |
ibm | db2_connect | 9.8 | |
ibm | db2_connect | 9.8.0.1 | |
ibm | db2_connect | 9.8.0.1 | |
ibm | db2_connect | 9.8.0.1 | |
ibm | db2_connect | 9.8.0.2 | |
ibm | db2_connect | 9.8.0.2 | |
ibm | db2_connect | 9.8.0.2 | |
ibm | db2_connect | 9.8.0.3 | |
ibm | db2_connect | 9.8.0.3 | |
ibm | db2_connect | 9.8.0.3 | |
ibm | db2_connect | 9.8.0.4 | |
ibm | db2_connect | 9.8.0.4 | |
ibm | db2_connect | 9.8.0.4 | |
ibm | db2_connect | 9.8.0.5 | |
ibm | db2_connect | 9.8.0.5 | |
ibm | db2_connect | 9.8.0.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 9.7.0.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "025FA405-0FD2-4B19-8FA4-15581085BD15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F425C545-39CD-483C-97A3-BE0DC3EE63DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A6A7680-D883-414F-965B-1D6136760CA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "matchCriteriaId": "76107CFE-EB32-4AF6-9AF9-F16238F9C671", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": "7D1225B0-DBFF-4A13-93CB-1B64AF9ACE47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6C4DF59-244A-49C5-80EB-C100C417071A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "84079674-4B7F-4D57-93FC-7AA5F3AD9BC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "CEF1999A-DA76-4744-B1A2-EDE81D407B22", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4841744E-1DF6-46FD-A3D0-9AE31A6F7068", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "2D95A491-47B7-442C-BF5B-253FA282BFD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "FA799CDD-705E-477E-A9B8-989F73A2EDB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "29177AE5-CC52-4EB3-8F76-AFCDFA4829AB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.8.0.2:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "FA21D7B5-AFC6-419B-A364-E7E0E192EFEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.2:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "C772737A-44D3-4C1A-B160-A855919A50EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A3EE94A4-B2A8-4D21-85FB-A31B7BCBF94F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "313EDF08-82CF-4E39-9C45-2BF2CC687291", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.2:*:*:*:workgroup:*:*:*", "matchCriteriaId": "EA759A71-95FC-409F-991E-ECC59276A905", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "9108E136-6060-48A5-9067-E7BAE3411C2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "02BAE3AF-01D9-4212-BB76-A6239AA515CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2038DE46-2342-40CD-A31A-5B62BA4876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:express:*:*:*", "matchCriteriaId": "D45FC46A-DBA8-4751-BE20-C8A69B527B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:workgroup:*:*:*", "matchCriteriaId": "90E100DE-FEA9-4EB5-B866-09CDB3C23A64", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "FFBB874F-C6C4-446B-A7A0-AFD5FE37E3BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:advanced_workgroup:*:*:*", 
"matchCriteriaId": "6CA061B4-7BEE-4647-99AB-969684979DB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DE56C1A2-C5E6-4C5D-851B-C9C24D5D5295", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:express:*:*:*", "matchCriteriaId": "B617F85F-4549-4157-902A-2AADE0814DA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:workgroup:*:*:*", "matchCriteriaId": "59E54322-ACEE-4758-95E7-9C04705A4376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3CB6E617-98EA-4944-9211-FFEE9E50FE55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "04FF362F-CF7A-491F-B706-E337897DB008", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "DBB5F25C-8E9B-4B78-B004-86CAB7C3D1C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "193025CB-2ABD-4E56-9597-8AF347D4A69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:express:*:*:*", "matchCriteriaId": "53C3D7FF-1A5F-4C8F-9AC9-F207CC62BC2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "58C46DEA-F501-480B-A587-836CEC7AC658", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:application_server:*:*:*", "matchCriteriaId": "75EEC46D-5DCC-4F28-9E85-8CDD6F9A95BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "04B08EA1-8DA2-4374-8C64-5266A3ED0163", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:unlimited:*:*:*", "matchCriteriaId": "764271F0-8051-4442-85D7-4C79CE2269D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.1:*:*:*:application_server:*:*:*", "matchCriteriaId": 
"77A5180A-59A4-419A-8C89-A128F18886FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8484116F-FE56-4ECA-93AB-17C3ADCE109D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "D51C4875-E598-4048-B212-93561A1CA16A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.2:*:*:*:application_server:*:*:*", "matchCriteriaId": "3A67B13B-C67C-4E14-AD6E-584DA4215002", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "601109C4-81B4-4D1D-94EA-63163F26F0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.2:*:*:*:unlimited:*:*:*", "matchCriteriaId": "E1D2F38C-9E44-46FB-95B4-0372AE798C58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.3:*:*:*:application_server:*:*:*", "matchCriteriaId": "57883CD6-1198-44BB-87E0-8B0ACDE5663D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "BD678724-2232-49E2-B7A8-CC2EE494946C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.3:*:*:*:unlimited:*:*:*", "matchCriteriaId": "6A1114D3-87AE-409C-971A-6D8EFEE821B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.4:*:*:*:application_server:*:*:*", "matchCriteriaId": "FAF6A896-D720-432F-BC3E-C0393426C20C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EA077C9E-C227-4C5C-9B66-E8BBC916F893", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.4:*:*:*:unlimited:*:*:*", "matchCriteriaId": "C289F346-7F2E-4A7E-9716-983F656E2EE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "46ED44E3-F7BD-4D45-B19F-CCC62B1D333C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:9.8.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0F9CB269-5616-49EF-B3E5-CC5DE803EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "ABE822D1-4F9C-4F95-A36F-6CE23FA9CCE6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "C66D33C1-8FB6-4840-8797-A0A8822BA657", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B271D557-5CDE-4B23-AEC3-BEAFA0DD8020", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "61CB1EB7-4012-491F-AE13-EDAE4B3F564D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "DCAB0313-EC4D-41BB-AE87-27DADC448DD7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "2C8493DA-57EB-44C8-A47F-519B5A716CD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "C59A77F7-10AD-4149-BCAB-44E0C3BD0477", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "53158B7F-3D69-4ED0-AFA8-053AE0DD36C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D9F12837-B444-43D8-BE8B-6723C079D148", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "ACDBAE00-B031-4C48-8CD5-B1EAEAC6371A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:workgroup:*:*:*", "matchCriteriaId": "05C71242-D201-49CF-A091-A2400BAB7F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2D4622F5-4384-4B62-84E6-AFB01B26717C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E59FE93E-A983-4F55-8C40-DC0F88372185", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3BD40599-8F50-4882-AB1F-C6E4BA7E787D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:express:*:*:*", "matchCriteriaId": "F04F901A-A846-4E45-8F48-C4D5F86CDFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:workgroup:*:*:*", "matchCriteriaId": "9D0D0938-DD1F-46F3-BF06-72C6BA85195C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "D10F4882-F09F-449E-BB46-8532FC7E667F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "32618EBA-B913-4DA9-801D-24ED735D50A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4C1C6574-18E1-4FBC-B78D-788910659710", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:express:*:*:*", "matchCriteriaId": "6A03EEE1-E6F3-44B1-B2F4-B1C48F155BD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:workgroup:*:*:*", "matchCriteriaId": "8A5BB979-A1A2-4C1B-879E-8EB96026C7CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "9B6725E8-476E-41DA-AC46-B898467FE553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "9AF7330E-EAA4-4063-879D-9DC5B7505EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "73EF53E9-B6C9-4A8F-8EE9-4D190DA686BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:express:*:*:*", "matchCriteriaId": "F98A9F67-78B0-40E5-8CAF-37B6B2AA6F03", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "D7AF250F-8D36-4596-9754-2718EFBA5B39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "6D38B577-3919-4E91-9EBC-A5E247AAED2B", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "36831245-948F-443F-A231-F4451154E96B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "89037FB6-8E7D-4E4E-957B-39AC7A7E7693", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:express:*:*:*", "matchCriteriaId": "382FE250-BD14-4051-9666-4CDDBDF4D6DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:workgroup:*:*:*", "matchCriteriaId": "376217A0-1D6C-4279-9528-D738920A127F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "88B4D2AF-6831-4B8B-B093-1ECF8A0BABBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F64EC511-E8E4-459F-99F2-8B0167B3DC7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A0D8A2E7-E382-4E9B-A409-0C27C3F6819C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:express:*:*:*", "matchCriteriaId": "B254202B-1A6C-4506-BE7F-2B746DF1EFA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "E7BF68DD-442D-4AA9-9139-A2A0FF903FFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "C22B49A3-FE14-4677-A141-935AE852E459", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "278FEDCA-CDE6-4EB6-BCD8-B4B0507DC9A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "B0106414-9BB7-4189-B30E-E5D2B92DCD12", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "057148B7-7877-406B-BCCA-4F73EB763E57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FCE19A5D-FD98-4894-9E3F-402201183C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "657F1C1B-7C19-499A-9E83-5C02E6CCBBF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:application_server:*:*:*", "matchCriteriaId": "87F1950D-DA81-4FE9-92A7-FFA4C848712C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D88F6FBC-E7EC-4DCD-83C2-B97796A8FABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:unlimited:*:*:*", "matchCriteriaId": "7C1FDAEF-9898-45BF-B6F8-3B11643E3E21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:application_server:*:*:*", "matchCriteriaId": "BB04D50F-A3D4-450B-9B54-B01EF5262875", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2BFBADE9-6B3A-4E57-B5C7-CB1F64A2A117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:unlimited:*:*:*", "matchCriteriaId": "DBF9677A-C9A3-4E7B-9F6C-D5B25D3199E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:application_server:*:*:*", "matchCriteriaId": "8E9DC60B-AD0B-411E-8C45-FC13BAE808E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "BE06C451-7ACE-4C51-97D3-0706670289A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:unlimited:*:*:*", "matchCriteriaId": "A485805A-CAD3-4413-9884-B5FDA2335EE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:application_server:*:*:*", "matchCriteriaId": 
"813AE8F1-4CBC-48C1-BD8A-E34B504FCCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A7F6A685-02F4-4588-9E93-F5B3786C3798", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "D9F2DA09-A6AB-4E8E-8DD2-944F3C212C77", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:application_server:*:*:*", "matchCriteriaId": "8E6366D7-1F03-458D-A85B-F58A7C42EA22", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FACC7C87-6BB7-4538-B6FC-0B751D674855", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:unlimited:*:*:*", "matchCriteriaId": "4EA683DC-1241-4B82-BEAC-E5A1DA37CEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:application_server:*:*:*", "matchCriteriaId": "DC1FDA00-1A3E-4520-ABBA-F9A28CF1D5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C6B3BA4F-A16F-466E-890D-342A11A4D91A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:unlimited:*:*:*", "matchCriteriaId": "4B778C91-03D0-4A20-9D68-A2F52D9A3302", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "D3396279-1384-42C7-AE23-9C22027BF849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "2B41AD1A-4EC2-4FB9-BE50-07F4EA8DB52A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "08B19729-1FF1-4253-9C76-707357FC3085", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "84283835-03F9-496B-B22F-C201BB53F9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "221885F3-AD20-46B4-983F-51349493B259", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "92E3C74F-6764-4D96-B5BC-2395B95F8A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "2811974B-5CBD-4A14-8309-6FAC942B36EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "957BCDB3-D975-451D-8EB8-B06BFDF22AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "2F46AA23-B030-4752-9B23-0B84A9A9D849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:workgroup:*:*:*", "matchCriteriaId": 
"EB7647F0-40F1-4861-8F5A-7A60D0406171", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "B7B3A7E6-72C8-48AF-85D7-2D8B47545E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "9385C154-3FE2-4C9B-ABB2-E0AC9D32F410", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8B05B2E7-77DB-4C2A-8FB0-81AE7424573E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:express:*:*:*", "matchCriteriaId": "66361477-AF76-4C7B-A400-473448F48C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:workgroup:*:*:*", "matchCriteriaId": "C5F04C50-77EB-4D29-B17A-B6962BB71A95", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "DE8DB42E-633E-483A-84F0-404900E9CEA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "70CA5418-9B60-4972-B38E-12560C3ADFA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "71990C6B-6942-4319-90A2-19F5ED136B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:express:*:*:*", "matchCriteriaId": "CF3CB891-AE62-4E0E-926A-7355554E022E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:workgroup:*:*:*", "matchCriteriaId": "57513E4A-AC67-4DC3-8FAD-309BBEF64360", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "B3F57784-9A43-4B4B-8910-C8509CF92EBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "DE19053A-9DE6-40AA-BFAA-CE98AB1360F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "456DF2B9-1107-4F4B-BF8E-2CCCAC5CFCC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:express:*:*:*", "matchCriteriaId": "73776FA2-6E94-49FF-AE08-6A4767C1DC30", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "B60627D6-FBB6-492A-B7FF-2733EA1E8F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "44010A01-4E33-4A6D-83DE-6235AEEE90F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F40068BF-82CC-43D5-99BC-1228337995FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "97626150-FED1-49F7-9CA5-4A5C61A5544C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "C679EB6F-C5C7-4206-B6D4-931D47D99FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C2CB92C8-26B8-4CBE-9B1A-2E32BF22AFAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "84266CFB-28C7-4CA6-9019-F5E76BE4B334", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:application_server:*:*:*", "matchCriteriaId": "3A07AC99-0665-4CF4-A5D3-BDAC0031F4C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AD9FB45B-35E8-43B8-B64B-E36EA9B8614E", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:unlimited:*:*:*", "matchCriteriaId": "DF0FDD49-560E-4413-9577-4258A205E24F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:application_server:*:*:*", "matchCriteriaId": "573E9E55-9192-4DAD-808C-40383043E69E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ED4D2143-BE03-43ED-ADBE-2FE007774356", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:unlimited:*:*:*", "matchCriteriaId": "F7D6A273-8D1A-4D5B-A48C-AEF57CB9EB50", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:application_server:*:*:*", "matchCriteriaId": "6CF6EBC2-4172-4916-A31B-BDE3257C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "115908C3-8273-482A-BA95-60E7A9309E54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:unlimited:*:*:*", "matchCriteriaId": "F3D6B5E7-63F0-4A6E-992D-05D4A3A4E189", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "78CF81B1-08BA-4216-9FB1-B5430F0474BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "73C671CA-712E-485B-97DD-FA6246FAA61F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "FC5837DD-D508-4695-ADF8-2AAE0D853CCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "178CD2CC-B0D6-4F9B-A831-A2ACCB7A84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "21A98521-C943-4161-A363-B7B95BDA9834", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C214C846-04C9-4F22-A7D3-0198D9DC7F72", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "D6A59399-CBAB-47F2-A10B-30AAD4CBB155", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "F7517329-D20E-47F1-95F1-77B8F5675D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "72FA0609-7995-4424-A8C9-B804300D54DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "BE75DDE9-58B4-4851-A1B2-65CB8E877C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": 
"8ADE94C4-769A-4AAE-A5FB-55575016D51A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "63999EAB-82B3-4617-B81D-57B1230CC8D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:workgroup:*:*:*", "matchCriteriaId": "F97D1D66-0CC4-4CB4-AEEC-1A89825430B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "654ADB90-BD74-4D48-AACA-6A5872188489", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "CB725265-78B3-46C2-8440-D0774E1546E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "1E62C8AD-00D0-4D01-89A2-5C167EFA01BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:express:*:*:*", "matchCriteriaId": "286FE494-777D-4833-8155-73EBFE5FE9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:workgroup:*:*:*", "matchCriteriaId": "75A10653-BDF2-400F-9BE6-D97D206FA05B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "969490BD-E0E7-4084-B7DE-4E1F8A577A3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "AA58137A-A4CA-4599-89A7-7ECFFEC6FD21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "73419A77-34EC-405D-A0DD-F74038A9AA55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:express:*:*:*", "matchCriteriaId": "E7AFFD68-912E-4EC3-8BD3-AFB0FF2ED35B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:workgroup:*:*:*", "matchCriteriaId": "53AF9275-862F-4B16-B396-644A4274F59C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "15800A2B-0F00-41A6-984F-B240A8808EB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "A3CF9276-2F50-4276-9599-4C1FACDD5FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2F894A3D-A9A5-4031-B06A-967659941B4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:express:*:*:*", "matchCriteriaId": "C86BD01F-EDC8-4DF8-B9ED-5FBB73CFF207", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "15BBE131-F21A-4B7F-B9B7-364EF4030881", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A390F0B7-D555-4C97-B15B-AC6A43787E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F90DFB7F-6814-4B10-B7C7-E237464D3D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4F5EAB4D-E6C3-4D39-AD82-DEFBB53919EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:express:*:*:*", "matchCriteriaId": "48334AA6-4F27-4E4B-A18A-264654225886", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:workgroup:*:*:*", "matchCriteriaId": "62F74620-7648-4EC9-8677-E9454B8EAB17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "F120F1BA-E1CA-4334-B9D4-E8AD3DAFC713", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "7AA3EE6C-8312-403B-84E6-DBD7510DBE3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2074CA1A-BB2A-4F60-8547-0A39BEDD09F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:express:*:*:*", "matchCriteriaId": "72EB4294-534E-4AE1-8F29-E0D135E1E7F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "D5AF5C44-3736-4FA0-BA19-2845F57BB043", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "7FBF2CE1-BF7E-4635-A4C2-B8F5F2338161", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "296B7182-3453-47D1-B54A-C2D1336424B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AABD6673-F7A6-486A-A83E-89F0172311ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:express:*:*:*", "matchCriteriaId": "5A1D1E23-2979-4188-B12D-66CF0F681354", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": "9B31EAB3-D885-452A-93B2-22A3F94FEB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "BE50990D-E66E-4A19-88D8-7B5CB5CA4A08", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD0EE0C0-B089-4A2A-8438-3F31BA1CCB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E76E023D-7784-4B6C-BD01-534CAF5593D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:express:*:*:*", "matchCriteriaId": "22406FC8-D248-4F29-9ACC-C5F759EC6FC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:workgroup:*:*:*", "matchCriteriaId": "5640DC5A-2C5E-4B17-95D9-5FBCF73A5C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "31215FF9-5DEC-4B2B-86C3-1ADE658F6B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B39D6D16-6B10-4C87-BFA4-981ABD4DFD88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C8640FCE-EA72-43BD-939A-AF48E1B534C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:express:*:*:*", "matchCriteriaId": "F926754F-71A8-4570-B5F7-38C7F1F9C464", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:workgroup:*:*:*", "matchCriteriaId": "4E028577-7C4C-4091-81F4-7872CC6F2E5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "5A3E5BD5-6C94-4128-BA0B-1F434E185746", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "D608FE25-68DB-4436-9C30-14B2D509F7D0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7647800B-5603-42A4-8CBC-6A0BA228F1D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:express:*:*:*", "matchCriteriaId": "95C63204-F838-4CE4-B98C-21461E8028D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:workgroup:*:*:*", "matchCriteriaId": "938864B9-44D0-47E6-9961-9C4474AC6643", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:application_server:*:*:*", "matchCriteriaId": "3F75FF9A-AAAE-4EFA-B698-230B5CCD0940", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4D38B30C-4CC3-43C9-9360-0A79C36A222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:unlimited:*:*:*", "matchCriteriaId": "3599AC98-ACD3-4A09-9764-080A6B8F56A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "C7D25C1C-3560-48B9-A7E1-1E268BDE5A9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2E22AE16-1F17-4F1D-8C00-949729FA3A95", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "B26A6BF8-F321-4EC3-8EE9-1396C0513B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:application_server:*:*:*", "matchCriteriaId": "927E9A8F-82B4-4D3B-B800-F1A11A90046E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AFD159D3-2FE5-4815-8365-53CC36204B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:unlimited:*:*:*", "matchCriteriaId": "524EC7BA-7470-4D09-8796-CAF9D5A85DCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:application_server:*:*:*", "matchCriteriaId": "D044ABF8-2F9A-4505-9BB7-776A90D647C1", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AB7D388A-456A-490A-9D4B-4AE2BCC871C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:unlimited:*:*:*", "matchCriteriaId": "A841C615-D049-44CA-BB0E-BCC526535227", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:application_server:*:*:*", "matchCriteriaId": "D5BE71A5-6298-4E05-859E-153C47C3B032", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D8FC0956-2B4D-43E0-ABD7-23915DCA8E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:unlimited:*:*:*", "matchCriteriaId": "5528F9F8-80D2-4AA8-B151-FABEABCFFC83", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "113F8614-32BE-4A9E-B770-BE768947C13A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77B720B6-E253-4FEE-A9EE-CE4C455FBEBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "2A73D3F8-803E-4E75-9E01-8F004C50190B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:application_server:*:*:*", "matchCriteriaId": "0592E180-F4DC-424F-93A4-4B0C6350C6F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DCAE5624-B81B-4253-A416-D2111B10F29F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:unlimited:*:*:*", "matchCriteriaId": "C662B9B9-D210-484A-9D43-A30585052F31", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:application_server:*:*:*", "matchCriteriaId": "7172F912-E08B-4102-B38D-A3B1671DED62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": 
"B219F088-3C1D-4468-9990-35D48E3C1092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:unlimited:*:*:*", "matchCriteriaId": "FFA270A6-81CD-4D24-B37F-9BE7AD4AC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:application_server:*:*:*", "matchCriteriaId": "7DE842AD-EECE-4CF4-886C-91AF654C7492", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6766C050-5775-4C58-BC77-C9B6A8EDF3E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:unlimited:*:*:*", "matchCriteriaId": "AD9377C9-3F5C-4F9A-92FF-18F3E4312CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:application_server:*:*:*", "matchCriteriaId": "5E4899B5-2326-4A30-BE94-E66272B14FCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E9EBF086-C6C9-4386-9645-3E97A61ADC8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:unlimited:*:*:*", "matchCriteriaId": "DD7C0F7C-7682-49FF-AAA5-C6D59D00214D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:application_server:*:*:*", "matchCriteriaId": "DF7307CA-59F9-41F9-B7B6-C5EAC6F01883", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CAFE61E6-92A6-4409-937A-A3620579EFDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:unlimited:*:*:*", "matchCriteriaId": "819EB03B-445B-42A5-96D7-56E1D5D21088", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:application_server:*:*:*", "matchCriteriaId": "32C4BA27-E82C-4453-BC80-22A74568B229", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "79FEC79B-F178-4D66-97BF-9E6909DB5F82", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:unlimited:*:*:*", "matchCriteriaId": "AB2DA26B-B0DD-4995-86BD-2BC455888415", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message." }, { "lang": "es", "value": "IBM DB2 9.7 hasta la versi\u00f3n FP11, 9.8 y 10.1 hasta la versi\u00f3n FP5, y 10.5 hasta la versi\u00f3n FP7 en Linux, UNIX y Windows permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de un mensaje DRDA manipulado." } ], "id": "CVE-2016-0211", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-28T01:59:00.723", "references": [ { "source": "psirt@us.ibm.com", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IT12462" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12487" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12488" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13350" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979984" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/85979" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1035660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/85979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035660" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-27 18:05
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/46268 | ||
cve@mitre.org | http://osvdb.org/46269 | ||
cve@mitre.org | http://secunia.com/advisories/29022 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512 | ||
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945 | ||
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496 | ||
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg21255607 | ||
cve@mitre.org | http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/491071/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/28835 | ||
cve@mitre.org | http://www.securityfocus.com/bid/29601 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41955 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/46268 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/46269 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29022 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg21255607 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/491071/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28835 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29601 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41955 |
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
ibm | db2 | 8.0 | * |
ibm | db2 | 8.0 | fp1 |
ibm | db2 | 8.0 | fp10 |
ibm | db2 | 8.0 | fp11 |
ibm | db2 | 8.0 | fp12 |
ibm | db2 | 8.0 | fp13 |
ibm | db2 | 8.0 | fp14 |
ibm | db2 | 8.0 | fp15 |
ibm | db2 | 8.0 | fp2 |
ibm | db2 | 8.0 | fp3 |
ibm | db2 | 8.0 | fp4 |
ibm | db2 | 8.0 | fp4a |
ibm | db2 | 8.0 | fp5 |
ibm | db2 | 8.0 | fp6 |
ibm | db2 | 8.0 | fp6a |
ibm | db2 | 8.0 | fp6b |
ibm | db2 | 8.0 | fp6c |
ibm | db2 | 8.0 | fp7 |
ibm | db2 | 8.0 | fp7a |
ibm | db2 | 8.0 | fp7b |
ibm | db2 | 8.0 | fp8 |
ibm | db2 | 8.0 | fp8a |
ibm | db2 | 8.0 | fp9 |
ibm | db2 | 8.0 | fp9a |
ibm | db2 | 9.5 | * |
ibm | db2 | 9.1 | * |
ibm | db2 | 9.1 | fp1 |
ibm | db2 | 9.1 | fp2 |
ibm | db2 | 9.1 | fp2a |
ibm | db2 | 9.1 | fp3 |
ibm | db2 | 9.1 | fp3a |
ibm | db2 | 9.1 | fp4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC1FC760-D058-4DE6-80B3-F3AA22757A10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*", "matchCriteriaId": "72FA9A16-8AFD-4D93-95B4-EAB6E6030D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*", "matchCriteriaId": "BB299EAB-31AA-4BAA-B477-0F909A8418AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*", "matchCriteriaId": "6FD22E1E-F5BC-45D5-98F4-EDEE87D718F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4a:*:*:*:*:*:*", "matchCriteriaId": "1CA96F81-E7BD-4BEB-9B4F-6CEA95B57742", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*", "matchCriteriaId": "222C1B84-0C28-451F-BB02-4CB925263312", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*", "matchCriteriaId": "08177181-660C-4BF4-9031-74EE89297CE5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.0:fp6a:*:*:*:*:*:*", "matchCriteriaId": "AB51AF7F-6D09-4EEE-AE8E-E6CCF06C28E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6b:*:*:*:*:*:*", "matchCriteriaId": "64BC5E59-361E-4343-9BB9-9772D47E57B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6c:*:*:*:*:*:*", "matchCriteriaId": "A2E1FC49-96AF-4933-BBE8-71DAEAEDD855", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*", "matchCriteriaId": "0B5FF14E-2971-4F3F-AD25-D00B0FEDA08F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7a:*:*:*:*:*:*", "matchCriteriaId": "56B7F547-3519-4A12-AB65-C1768153A7DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7b:*:*:*:*:*:*", "matchCriteriaId": "FE9D14B8-5B4E-4D27-88B9-EBAC46D8282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*", "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8a:*:*:*:*:*:*", "matchCriteriaId": "6669F847-ED6A-422F-85F7-DAF9B0159F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*", "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9a:*:*:*:*:*:*", "matchCriteriaId": "E8D354AD-995D-4FC8-A7C4-7860549A1634", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": 
"95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en las rutinas de administraci\u00f3n de archivos JAR en el subcomponente BSU JAVA en IBM DB2 versi\u00f3n 8 anteriores a FP16, versi\u00f3n 9.1 anteriores a FP4a y versi\u00f3n 9.5 anteriores a FP1, permite a usuarios autenticados remotos causar una denegaci\u00f3n de servicio (por ejemplo, un bloqueo de instancia) por medio de una llamada al procedimiento (1) RECOVERJAR o (2) REMOVE_JAR_JAR con un par\u00e1metro dise\u00f1ado, relacionado con (a) sqlj.install_jar y (b) sqlj.replace_jar." 
} ], "evaluatorSolution": "http://www-1.ibm.com/support/docview.wss?uid=swg21255572http://www-1.ibm.com/support/docview.wss?uid=swg21287889\r\nhttp://www-1.ibm.com/support/docview.wss?uid=swg21256235", "id": "CVE-2008-1966", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-27T18:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/46268" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/46269" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29022" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "source": "cve@mitre.org", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/491071/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28835" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29601" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41955" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/46268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/46269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/491071/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41955" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-30448)
Published
2023-07-10 16:15
Modified
2025-02-13 17:16
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/253437 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/253437 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437." 
} ], "id": "CVE-2023-30448", "lastModified": "2025-02-13T17:16:24.420", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:52.210", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253437" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-1834)
Published
2018-11-09 01:29
Modified
2024-11-21 04:00
Severity ?
7.4 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10733939 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/105885 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1042086 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150511 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10733939 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105885 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042086 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150511 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podr\u00eda permitir a un usuario local escalar sus privilegios a root a trav\u00e9s de un ataque de enlace simb\u00f3lico. IBM X-Force ID: 150511." 
} ], "id": "CVE-2018-1834", "lastModified": "2024-11-21T04:00:28.587", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-09T01:29:00.727", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105885" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], 
"url": "http://www.securitytracker.com/id/1042086" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150511" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-45178)
Published
2023-12-03 18:15
Modified
2024-11-21 08:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/268073 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240112-0004/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7087207 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/268073 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240112-0004/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7087207 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073." }, { "lang": "es", "value": "La Interfaz de L\u00ednea de Comandos (CLI) de IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5 es vulnerable a una denegaci\u00f3n de servicio cuando se utiliza una solicitud especialmente manipulada. ID de IBM X-Force: 268073." 
} ], "id": "CVE-2023-45178", "lastModified": "2024-11-21T08:26:29.833", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-03T18:15:42.273", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268073" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240112-0004/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240112-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087207" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-26021)
Published
2023-04-28 19:15
Modified
2024-11-21 07:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/247864 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985681 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/247864 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985681 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service 
as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864." } ], "id": "CVE-2023-26021", "lastModified": "2024-11-21T07:50:36.660", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-28T19:15:16.713", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247864" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.ibm.com/support/pages/node/6985681" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-30 23:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481 | ||
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg1IC99480 | Vendor Advisory | |
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21610582#4 | ||
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21673947 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/89860 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg1IC99480 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21610582#4 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21673947 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/89860 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
microsoft | windows | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority." }, { "lang": "es", "value": "La infraestructura Stored Procedure en IBM DB2 9.5, 9.7 anterior a FP9a, 10.1 anterior a FP3a y 10.5 anterior a FP3a en Windows permite a usuarios remotos autenticados ganar privilegios mediante el aprovechamiento del privilegio CONNECT y la autoridad CREATE_EXTERNAL_ROUTINE." 
} ], "id": "CVE-2013-6744", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-30T23:55:02.457", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg21673947" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC99480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg21673947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89860" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-03 21:00
Modified
2025-04-09 00:30
Severity ?
Summary
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch | |
cve@mitre.org | http://secunia.com/advisories/31787 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/35235 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1022319 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21318189 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21386689 | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/35171 | ||
cve@mitre.org | http://www.securityfocus.com/bid/36540 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/50909 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31787 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35235 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1022319 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21318189 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21386689 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35171 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36540 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/50909 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp16:*:*:*:*:*:*", "matchCriteriaId": "8A94F484-424C-4DF3-9327-95CFC7B4A83E", "versionEndIncluding": "8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:fp4:*:*:*:*:*:*", "matchCriteriaId": "D205DCFE-B7B2-424F-9C50-AE7E9250F2F7", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:fp1:*:*:*:*:*:*", "matchCriteriaId": "DED8AD3B-99A5-4531-8762-A80B22B05C3C", "versionEndIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fix_pack15:*:*:*:*:*:*", "matchCriteriaId": "7D94A061-0B20-4FCA-B2C0-1564F7EF0113", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": 
"4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors." }, { "lang": "es", "value": "El componente Code Infrastructure en IBM DB2 v8 anterior a FP17 v9.1, anterior a FP7, y v9.5 anterior a FP4, cuando est\u00e1n activadas la seguridad LDAP (aka IBMLDAPauthserver) y las vinculaciones (bind) an\u00f3nimas, permite a atacantes remotos evitar la autenticaci\u00f3n mediante contrase\u00f1a y establecer una conexi\u00f3n con la base de datos a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2009-1905", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-03T21:00:00.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31787" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35235" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1022319" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/35171" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36540" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1022319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/50909" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016181 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041004 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140044 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016181 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041004 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140044 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podr\u00eda permitir a un usuario local sobrescribir archivos arbitrarios pertenecientes al propietario de la instancia del DB2. IBM X-Force ID: 140044." } ], "id": "CVE-2018-1449", "lastModified": "2024-11-21T03:59:50.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.403", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041004" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140044" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152859 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152859 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y WIndows (incluye DB2 Connect Server), en versiones 9.7, 10.1, 10.5 y 11.1, est\u00e1 afectado por una vulnerabilidad de desbordamiento de b\u00fafer que puede resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario. IBM X-Force ID: 152859." } ], "id": "CVE-2018-1923", "lastModified": "2024-11-21T04:00:36.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-11T22:29:00.563", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152859" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-12 19:15
Modified
2024-11-21 07:56
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/287612 | VDB Entry | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7156851 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/287612 | VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240828-0004/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7156851 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612." 
}, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio, en configuraciones espec\u00edficas, ya que el servidor puede fallar cuando se utiliza una declaraci\u00f3n SQL especialmente manipulada por un usuario autenticado. ID de IBM X-Force: 287612." } ], "id": "CVE-2023-29267", "lastModified": "2024-11-21T07:56:46.417", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-06-12T19:15:50.020", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287612" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7156851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240828-0004/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7156851" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-03 13:16
Modified
2025-01-31 17:45
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://https://exchange.xforce.ibmcloud.com/vulnerabilities/281677 | Third Party Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240517-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7145725 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://https://exchange.xforce.ibmcloud.com/vulnerabilities/281677 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240517-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7145725 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 almacena informaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer. ID de IBM X-Force: 281677." } ], "id": "CVE-2024-25030", "lastModified": "2025-01-31T17:45:39.267", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-04-03T13:16:01.590", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/281677" }, { "source": "psirt@us.ibm.com", "tags": 
[ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/281677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145725" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-16 16:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Db2 11.2 and 11.5 contain an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/201780 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20220526-0003/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6489489 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/201780 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220526-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6489489 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.2:*:*:*:*:-:*:*", "matchCriteriaId": "001491A2-2F08-4D47-A1D3-7588DAE3CC96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780." }, { "lang": "es", "value": "IBM Db2 versiones 11.2 y 11.5, contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n, que expone las credenciales de almacenamiento remoto a usuarios privilegiados bajo condiciones espec\u00edficas. IBM X-Fporce ID: 201780" } ], "id": "CVE-2021-29752", "lastModified": "2024-11-21T06:01:44.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": 
"Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-16T16:15:07.937", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201780" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220526-0003/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6489489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220526-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6489489" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 00:15
Modified
2024-11-21 08:19
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/263499 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0007/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047561 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/263499 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047561 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469", "versionEndIncluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a la Denegaci\u00f3n de Servicio con una declaraci\u00f3n SQL especialmente manipulada que utiliza tablas externas. ID de IBM X-Force: 263499." 
} ], "id": "CVE-2023-40372", "lastModified": "2024-11-21T08:19:19.170", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T00:15:10.887", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047561" } ], "sourceIdentifier": 
"psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006885 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100685 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1039300 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128057 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006885 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100685 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039300 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128057 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*", "matchCriteriaId": "2B1F07F2-3F58-4999-97E9-50C627D9CB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F2418D4-8A16-4617-AE27-B2FDD68711C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADC23293-580F-48B7-BB18-C91E254B4885", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "07DD2BBD-1ED1-4FF0-8A5D-AD36B71BF5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "97A09A6A-D7D8-4ADE-850B-1FA98E4FD8DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45EA04C9-3B45-47C2-88C6-4BE578673A08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "10331272-C7E3-4F77-BAB7-C931CDD57699", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "781B87AB-DBCA-495A-B809-648357EF6873", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA8F6CF0-8418-41CB-B3E5-B04CF633DBCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D28D8A2E-ECA5-401E-806B-2385668C90D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7D92905F-5327-4CAA-9ECE-5211FB92BF14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "F9620D61-5F09-44E7-A19F-7E70A7F0D832", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC80416E-982E-496E-BB46-5928FDB8CF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1B2A6C0-93D4-4648-A507-62F075D6AFCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9510BA35-C62A-46CE-A009-F20971EAE9B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE54DD24-2E67-49D9-81EB-88A50ED3FB9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "20186C62-14F0-47FA-BF37-772AEDF64E9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36DD73C3-412C-461A-A1A4-BB760CC3C2D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D91F10-BC9A-4A20-A153-022C9207A1E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A95700FA-C64B-40D9-81C5-39A76961A89F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DF3EF9D-7FD1-46F4-A745-2C3D31B2E12F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "269C7299-D812-462D-9C4D-D36F5665789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F89A2701-5904-4DBD-8AAC-9972611CC92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B42E8C32-272B-4D9D-8479-D15D511FAAE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"8E32FD81-F765-4115-9977-B1913CE13106", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10,1, 10.5 y 11.1 (incluido DB2 Connect Server) podr\u00eda permitir a un usuario local con privilegios de propietario en la instancia DB2 obtener acceso root. IBM X-Force ID: 128057." } ], "id": "CVE-2017-1438", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-12T21:29:00.317", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006885" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100685" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039300" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128057" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2005-4871
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
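Severity ?
4.3 (Medium) - CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N (nvd@nist.gov, Primary; the record below carries no CVSS v3 metric)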
Summary
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=110495620513954&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/12733/ | Patch, Vendor Advisory | |
cve@mitre.org | http://www.ngssoftware.com/advisories/db205012005I.txt | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/12170 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18761 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110495620513954&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12733/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ngssoftware.com/advisories/db205012005I.txt | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12170 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18761 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8190EC6B-BA0D-498D-8ECB-2E37D8742A29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile." } ], "id": "CVE-2005-4871", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110495620513954\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12733/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ngssoftware.com/advisories/db205012005I.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12170" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110495620513954\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" 
], "url": "http://secunia.com/advisories/12733/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ngssoftware.com/advisories/db205012005I.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/12170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18761" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-1857
Vulnerability from fkie_nvd
Published
2018-11-09 01:29
Modified
2024-11-21 04:00
Severity ?
4.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N (psirt@us.ibm.com, Secondary)
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (nvd@nist.gov, Primary)
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10734059 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/105883 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1042176 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/151155 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10734059 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105883 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042176 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/151155 | VDB Entry, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn\u0027t be able to see. IBM X-Force ID: 151155." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 11.1 podr\u00eda permitir que un usuario omita el control FGAC y obtenga acceso a datos que no deber\u00edan ser visibles. IBM X-Force ID: 151155." 
} ], "id": "CVE-2018-1857", "lastModified": "2024-11-21T04:00:30.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-09T01:29:00.837", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734059" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105883" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" 
], "url": "http://www.securitytracker.com/id/1042176" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151155" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2023-27555
Vulnerability from fkie_nvd
Published
2023-04-28 18:15
Modified
2024-11-21 07:53
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (psirt@us.ibm.com, Secondary)
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (nvd@nist.gov, Primary)
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249187 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985683 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249187 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985683 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187." 
} ], "id": "CVE-2023-27555", "lastModified": "2024-11-21T07:53:08.090", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-28T18:15:26.250", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249187" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985683" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
CVE-2009-1239
Vulnerability from fkie_nvd
Published
2009-04-03 18:30
Modified
2025-04-09 00:30
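Severity ?
5.0 (Medium) - CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N (nvd@nist.gov, Primary; the record below carries no CVSS v3 metric)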
Summary
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21381257 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/0912 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/49864 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21381257 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0912 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49864 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp6a:*:*:*:*:*:*", "matchCriteriaId": "90C0F24A-7D81-4A4B-8987-FEF3214AFB7E", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:connect_server:*:*:*:*:*", "matchCriteriaId": "7372EC03-10FD-4A90-801A-B7947436CE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "959E00AE-24A2-4890-A120-0EDEC401A2F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:express_server:*:*:*:*:*", "matchCriteriaId": "66CF4477-2D86-48D6-BD56-E09A01EA518F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:personal:*:*:*:*:*", "matchCriteriaId": "CE1F8C8D-DC4C-4401-9D83-BBCF9687035D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:workgroup_server:*:*:*:*:*", "matchCriteriaId": "C1C73916-C875-4137-A208-6AE5EEB1A94E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:unix:*:*:*:*:*", "matchCriteriaId": "AB624942-B12A-48B4-88F8-22261CBED995", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:windows:*:*:*:*:*", "matchCriteriaId": "C631A734-423E-4C76-8E1C-A4BB2974DA66", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": 
"757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query." }, { "lang": "es", "value": "IBM DB2 v9.1 anteriores a FP7 devuelve resultados incorrectos en ciertas situaciones relacionadas con la orden de aplicaci\u00f3n de una identificaci\u00f3n INNER JOIN y una identificaci\u00f3n OUTER JOIN, lo que permitir\u00eda a atacantes conseguir informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n manipulada." 
} ], "id": "CVE-2009-1239", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-03T18:30:00.640", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0912" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0912" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2025-2533
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-06 19:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (psirt@us.ibm.com, Secondary)
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (nvd@nist.gov, Primary)
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240947 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "matchCriteriaId": "FB68EACE-0F80-448C-962E-756CF3FF6734", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "matchCriteriaId": "BB83F549-7120-4B17-9172-F338FD427F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*", "matchCriteriaId": "703CB3FF-6DB5-432E-B469-2A90A33A5F2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux 12.1.0, 12.1.1 y 12.1.2 es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." } ], "id": "CVE-2025-2533", "lastModified": "2025-08-06T19:32:11.053", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" 
} ] }, "published": "2025-07-29T18:15:27.567", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240947" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "psirt@us.ibm.com", "type": "Secondary" } ] }
CVE-2023-27558
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:53
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (psirt@us.ibm.com, Secondary)
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249194 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230818-0017/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010571 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249194 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230818-0017/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010571 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194." 
} ], "id": "CVE-2023-27558", "lastModified": "2024-11-21T07:53:08.493", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:50.007", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249194" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230818-0017/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230818-0017/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010571" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-22 19:15
Modified
2024-11-21 08:30
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/272644 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0003/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105505 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/272644 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0003/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105505 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23E4D44-3305-407B-92C5-8190434A59DC", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "760B31B3-509C-49E4-BB2C-B48E33782141", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644." 
}, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podr\u00eda permitir que un usuario autenticado con privilegios CONNECT provoque una denegaci\u00f3n de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 272644." } ], "id": "CVE-2023-47746", "lastModified": "2024-11-21T08:30:45.207", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-22T19:15:08.730", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272644" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0003/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://security.netapp.com/advisory/ntap-20240307-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105505" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server), under unusual circumstances, could expose highly sensitive information in the error log to a local user.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005740 | Mitigation, Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100693 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1039297 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/127806 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005740 | Mitigation, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100693 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039297 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/127806 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 11.1.0.0 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E32FD81-F765-4115-9977-B1913CE13106", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 11.1 (incluye DB2 Connect Server), bajo circunstancias no habituales, podr\u00eda exponer informaci\u00f3n altamente sensible a un usuario local mediante el registro de errores." 
} ], "id": "CVE-2017-1434", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-12T21:29:00.283", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005740" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100693" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039297" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB 
Entry" ], "url": "http://www.securityfocus.com/bid/100693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when the authentication type is CLIENT. IBM X-Force ID: 129830.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007186 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100684 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1039308 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/129830 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007186 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100684 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039308 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/129830 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*", "matchCriteriaId": "2B1F07F2-3F58-4999-97E9-50C627D9CB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F2418D4-8A16-4617-AE27-B2FDD68711C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADC23293-580F-48B7-BB18-C91E254B4885", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "07DD2BBD-1ED1-4FF0-8A5D-AD36B71BF5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "97A09A6A-D7D8-4ADE-850B-1FA98E4FD8DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45EA04C9-3B45-47C2-88C6-4BE578673A08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "10331272-C7E3-4F77-BAB7-C931CDD57699", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "781B87AB-DBCA-495A-B809-648357EF6873", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA8F6CF0-8418-41CB-B3E5-B04CF633DBCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D28D8A2E-ECA5-401E-806B-2385668C90D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7D92905F-5327-4CAA-9ECE-5211FB92BF14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "F9620D61-5F09-44E7-A19F-7E70A7F0D832", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC80416E-982E-496E-BB46-5928FDB8CF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1B2A6C0-93D4-4648-A507-62F075D6AFCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9510BA35-C62A-46CE-A009-F20971EAE9B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE54DD24-2E67-49D9-81EB-88A50ED3FB9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "20186C62-14F0-47FA-BF37-772AEDF64E9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36DD73C3-412C-461A-A1A4-BB760CC3C2D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D91F10-BC9A-4A20-A153-022C9207A1E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A95700FA-C64B-40D9-81C5-39A76961A89F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DF3EF9D-7FD1-46F4-A745-2C3D31B2E12F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "269C7299-D812-462D-9C4D-D36F5665789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F89A2701-5904-4DBD-8AAC-9972611CC92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B42E8C32-272B-4D9D-8479-D15D511FAAE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"8E32FD81-F765-4115-9977-B1913CE13106", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830." }, { "lang": "es", "value": "IBM DB2 9.7, 10,1, 10.5 y 11.1 es vulnerable a que se ejecute un comando no autorizado que permita activar la base de datos cuando la autenticaci\u00f3n es de tipo CLIENT. IBM X-Force ID: 129830." } ], "id": "CVE-2017-1520", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, 
"impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-12T21:29:00.673", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007186" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100684" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039308" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152858 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152858 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y WIndows (incluye DB2 Connect Server), en versiones 9.7, 10.1, 10.5 y 11.1, est\u00e1 afectado por una vulnerabilidad de desbordamiento de b\u00fafer que puede resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario. IBM X-Force ID: 152858." } ], "id": "CVE-2018-1922", "lastModified": "2024-11-21T04:00:36.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-11T22:29:00.500", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152858" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-03 13:16
Modified
2025-01-31 17:20
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/280905 | Third Party Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240517-0003/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7145730 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/280905 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240517-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7145730 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegaci\u00f3n de servicio con una consulta especialmente manipulada en determinadas tablas de columnas. ID de IBM X-Force: 280905." 
} ], "id": "CVE-2024-22360", "lastModified": "2025-01-31T17:20:19.067", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-04-03T13:16:01.183", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/280905" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0003/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/280905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145730" } ], "sourceIdentifier": 
"psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 19:15
Modified
2025-08-06 19:37
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240940 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "matchCriteriaId": "FB68EACE-0F80-448C-962E-756CF3FF6734", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "matchCriteriaId": "BB83F549-7120-4B17-9172-F338FD427F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*", "matchCriteriaId": "703CB3FF-6DB5-432E-B469-2A90A33A5F2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\nis vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system." }, { "lang": "es", "value": "IBM Db2 para Linux 12.1.0, 12.1.1 y 12.1.2 es vulnerable a un desbordamiento de b\u00fafer basado en la pila en db2fm, causado por una comprobaci\u00f3n incorrecta de los l\u00edmites. Un usuario local podr\u00eda desbordar el b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema." 
} ], "id": "CVE-2025-33092", "lastModified": "2025-08-06T19:37:37.587", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary" } ] }, "published": "2025-07-29T19:15:45.487", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240940" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/49919 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21600837 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/54487 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49919 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21600837 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54487 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1.0.1 | |
ibm | db2 | 9.1.0.2 | |
ibm | db2 | 9.1.0.2 | |
ibm | db2 | 9.1.0.3 | |
ibm | db2 | 9.1.0.3 | |
ibm | db2 | 9.1.0.4 | |
ibm | db2 | 9.1.0.4 | |
ibm | db2 | 9.1.0.5 | |
ibm | db2 | 9.1.0.6 | |
ibm | db2 | 9.1.0.6 | |
ibm | db2 | 9.1.0.7 | |
ibm | db2 | 9.1.0.7 | |
ibm | db2 | 9.1.0.8 | |
ibm | db2 | 9.1.0.9 | |
ibm | db2 | 9.1.0.10 | |
ibm | db2 | 9.1.0.11 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5.0.1 | |
ibm | db2 | 9.5.0.2 | |
ibm | db2 | 9.5.0.2 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.4 | |
ibm | db2 | 9.5.0.4 | |
ibm | db2 | 9.5.0.5 | |
ibm | db2 | 9.5.0.6 | |
ibm | db2 | 9.5.0.7 | |
ibm | db2 | 9.5.0.8 | |
ibm | db2 | 9.5.0.9 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 10.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "04A3E057-5DD6-494F-9195-BB57BA107877", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B2D2913-079E-41D5-975D-DB62309ED9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.2:a:*:*:*:*:*:*", "matchCriteriaId": "0A7D0F90-0DEB-49BD-B753-BB832B0554CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAC88935-B62C-4510-8246-2E0E9D63DF57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "A687DD0E-0212-4F2F-AF24-8DCB3AF60C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2FAF674-6583-4BA1-BE1F-6CF14D129036", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.4:a:*:*:*:*:*:*", "matchCriteriaId": "FC4C04EA-8A95-423E-9EDC-1F29B42C8065", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1D21588-6838-48A3-86E5-1ADFE71951E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB96916D-C245-4CEA-B435-FAF4454E3251", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "C6814580-113F-498D-AC07-425C970059DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "51CE1063-6DAF-484D-A0B2-6F4D6F18B39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.7:a:*:*:*:*:*:*", "matchCriteriaId": "15E1897A-FEC0-47CB-AC32-0787A8B236B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "87956B68-68C7-4CEB-AA74-454F1DC26DBE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "252B1BCD-D326-4425-A923-B05BB32D08BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E8D741D-4F55-4BE4-ADA6-ADDAC02E5A1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8336EA8D-BD3C-4B25-80C1-A85F64328039", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "95D26FF3-1D40-49D6-A5BB-284FE1B89288", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7A2E9C9-8EB4-4127-8278-E976D4D3B7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:*", "matchCriteriaId": "DC1ED577-3F11-415F-90C8-62B9EC21CA08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E054B24-704E-4C05-8E58-3FE0A04D84EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "4C72E084-0266-4389-B8BB-202292D47DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:*", "matchCriteriaId": "008B98FD-1DE2-4323-B20E-7BD422EB6771", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E12C4D6E-7AF9-44F9-9389-F9CA7409C41F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:*", "matchCriteriaId": "8A1C889C-885B-4DB3-A5F4-89A0B1DE0F47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C13BB7FD-718B-499E-87C7-637D2A2E3D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "267FE109-013A-482E-8078-161FA0991973", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C2F30C1B-0799-49A2-BAA5-26A6030B7682", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C4E4D16-3C35-42BD-A131-AF0DFC2D20AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "9B7D92A9-BC9A-4F56-AEA6-CE06C7688070", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "3CB6E617-98EA-4944-9211-FFEE9E50FE55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure." }, { "lang": "es", "value": "IBM DB2 v9.1 antes de FP12, v9.5 hasta el FP9, v9.7 hasta el FP6, v9.8 hasta el FP5 y v10.1 permite a atacantes remotos leer archivos XML de su elecci\u00f3n a trav\u00e9s de los procedimientos almacenados (1) GET_WRAP_CFG_C o (2) GET_WRAP_CFG_C2.\r\n" } ], "id": "CVE-2012-2196", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-25T10:42:34.757", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/49919" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748" }, 
{ "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/54487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54487" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-09 01:29
Modified
2024-11-21 04:00
Severity ?
6.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10733939 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/105885 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1042086 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149429 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10733939 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105885 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042086 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149429 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podr\u00eda permitir que un usuario local no privilegiado sobrescriba archivos en el sistema, lo que podr\u00eda provocar da\u00f1os en la base de datos. IBM X-Force ID: 149429." 
} ], "id": "CVE-2018-1799", "lastModified": "2024-11-21T04:00:23.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-09T01:29:00.617", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105885" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1042086" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149429" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-09 17:15
Modified
2024-11-21 06:18
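Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N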
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/210418 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20220114-0001/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6523810 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/210418 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220114-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6523810 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 11.1, y 11.5, es vulnerable a una divulgaci\u00f3n de informaci\u00f3n como resultado de que un usuario conectado tenga acceso indirecto de lectura a una tabla en la que no est\u00e1 autorizado a seleccionar. 
IBM X-Force ID: 210418" } ], "id": "CVE-2021-38931", "lastModified": "2024-11-21T06:18:14.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-09T17:15:07.747", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210418" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0001/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523810" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-04 01:15
Modified
2024-11-21 08:30
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/266166 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7087180 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/266166 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7087180 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23E4D44-3305-407B-92C5-8190434A59DC", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "760B31B3-509C-49E4-BB2C-B48E33782141", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con una consulta especialmente manipulada. ID de IBM X-Force: 266166." 
} ], "id": "CVE-2023-47701", "lastModified": "2024-11-21T08:30:42.143", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-04T01:15:12.340", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266166" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087180" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-23 02:15
Modified
2024-11-06 20:39
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7156851 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "72264C00-9FD5-44EF-AE33-36819E253233", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E7ABF45-1720-49F0-AA78-E4C06815F3C5", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:-:*:*", "matchCriteriaId": "46EEFD88-1F1D-417F-815A-98A456DE8515", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user." }, { "lang": "es", "value": " IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio, en configuraciones espec\u00edficas, ya que el servidor puede bloquearse al utilizar una declaraci\u00f3n SQL especialmente manipulada por un usuario autenticado." 
} ], "id": "CVE-2024-31880", "lastModified": "2024-11-06T20:39:55.200", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-23T02:15:07.167", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7156851" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
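IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714. (Note: the X-Force reference URL listed for this record uses ID 162174, not 162714; confirm the ID against the vendor advisory before relying on either.)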
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/109019 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/162174 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10886809 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109019 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/162174 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10886809 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "97372030-EDE6-43C7-8437-DBC8E27A8AFD", "versionEndIncluding": "11.1.3.3", "versionStartIncluding": "11.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "697DD07C-8F58-466E-A58B-7757DC3A28BE", "versionEndIncluding": "11.1.4.4", "versionStartIncluding": "11.1.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) en la versi\u00f3n 11.1 podr\u00eda permitir que un usuario autenticado ejecute una funci\u00f3n que podr\u00eda hacer que el servidor se bloquee. ID de IBM X-Force: 162714." 
} ], "id": "CVE-2019-4386", "lastModified": "2024-11-21T04:43:32.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-01T15:15:13.210", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109019" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886809" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-749" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-09 17:15
Modified
2024-11-21 05:46
Severity ?
Summary
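IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. (Note: the X-Force reference URL listed for this record uses ID 195521, not 199521; confirm the ID against the vendor advisory before relying on either.)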
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/195521 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20220225-0005/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6523804 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/195521 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220225-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6523804 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521." 
}, { "lang": "es", "value": "IBM Db2 versiones 9.7, 10.1, 10.5, 11.1 y 11.5, pueden ser vulnerables a una divulgaci\u00f3n de informaci\u00f3n cuando es usada la utilidad LOAD, ya que en determinadas circunstancias la utilidad LOAD no aplica las restricciones de directorio. IBM X-Force ID: 199521" } ], "id": "CVE-2021-20373", "lastModified": "2024-11-21T05:46:29.097", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-09T17:15:07.507", "references": [ { "source": 
"psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195521" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0005/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523804" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-27 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
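IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159. (Note: the impacted-products list and CPE entries for this record give 9.7, not 9.2, as the oldest affected release; scope patching from the CPE data and the vendor advisory rather than from this sentence alone.)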
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22004878 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/99271 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1038772 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125159 | Vendor Advisory | |
psirt@us.ibm.com | https://www.exploit-db.com/exploits/42260/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22004878 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99271 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038772 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125159 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42260/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | data_server_client | - | |
ibm | data_server_driver_for_odbc_and_cli | - | |
ibm | data_server_driver_package | - | |
ibm | data_server_runtime_client | - | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 11.1.0.0 | |
ibm | db2_connect | 11.1.0.0 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:data_server_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DDE6939-06D6-4DD1-BE95-E0724B72AC05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:data_server_driver_for_odbc_and_cli:-:*:*:*:*:*:*:*", "matchCriteriaId": "710BA2FD-B8AD-4D5A-8626-5C5AB64F2989", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:data_server_driver_package:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FAA3FCC-ED16-4FAC-ACFB-AD9C87E98FF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:data_server_runtime_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "8021311A-FAFB-4AE7-8EEC-4D4E1C29F9B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "56AA8839-8926-40F1-BB9A-AB648DE7F272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "6ABE0FCB-8E32-4AB6-A8D8-79159FCDD889", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5D92ADEC-6ED8-4B07-AB75-204AED0BF896", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:express:*:*:*", "matchCriteriaId": "A2E6CBD8-7DD7-44F7-8F5D-D79074561AB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "5273074C-9C2F-458C-9333-BD16B59008CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:application_server:*:*:*", "matchCriteriaId": "3F75FF9A-AAAE-4EFA-B698-230B5CCD0940", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4D38B30C-4CC3-43C9-9360-0A79C36A222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:unlimited:*:*:*", 
"matchCriteriaId": "3599AC98-ACD3-4A09-9764-080A6B8F56A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "44010A01-4E33-4A6D-83DE-6235AEEE90F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F40068BF-82CC-43D5-99BC-1228337995FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "97626150-FED1-49F7-9CA5-4A5C61A5544C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "C22B49A3-FE14-4677-A141-935AE852E459", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "278FEDCA-CDE6-4EB6-BCD8-B4B0507DC9A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "B0106414-9BB7-4189-B30E-E5D2B92DCD12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:application_server:*:*:*", "matchCriteriaId": "38EB6F60-D89E-4594-A323-3F9A7751E2D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A60F310-FB14-4B46-8ECE-310B6690FD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:unlimited:*:*:*", "matchCriteriaId": "E80151B7-9F69-428F-9689-78FF8F24BF61", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, 
and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159." }, { "lang": "es", "value": "IBM DB2 para Linux, Unix y Windows 9.2, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) es vulnerable a un buffer overflow basado en pila --stack-- causado por una inapropiada verificaci\u00f3n de l\u00edmites lo que podr\u00eda permitir a un atacante local ejecutar c\u00f3digo aleatorio." } ], "id": "CVE-2017-1297", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-27T16:29:00.417", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004878" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99271" }, { 
"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1038772" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159" }, { "source": "psirt@us.ibm.com", "url": "https://www.exploit-db.com/exploits/42260/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/42260/" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-11-23 03:15
Modified
2025-01-31 15:26
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7175947 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." 
}, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." } ], "id": "CVE-2024-41761", "lastModified": "2025-01-31T15:26:34.900", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary" } ] }, "published": "2024-11-23T03:15:08.333", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7175947" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file." }, { "lang": "es", "value": "El componente Self Tuning Memory Manager (STMM) en IBM DB2 v9.1 anterior a FP8, v9.5 anterior FP5 y v9.7 anterior a FP1, usa permisos 0666 para el archivos de log STMM, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio o tener un impacto desconocido relacionado con este archivo." 
} ], "id": "CVE-2009-4334", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.593", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-12 19:15
Modified
2024-11-21 09:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service: the server may crash when an authenticated user runs a specially crafted query on certain columnar tables. IBM X-Force ID: 287613.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/287613 | VDB Entry | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7156852 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/287613 | VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7156852 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio ya que el servidor puede fallar cuando un usuario autenticado utiliza una consulta especialmente manipulada en ciertas tablas de columnas. ID de IBM X-Force: 287613." 
} ], "id": "CVE-2024-31881", "lastModified": "2024-11-21T09:14:04.890", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-06-12T19:15:50.710", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7156852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7156852" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
4.0 (Medium) - CVSS 2.0: AV:N/AC:L/Au:S/C:N/I:N/A:P
Summary
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64298 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64298 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el componente DRDA Services en IBM DB2 v9.5 anterior a FP5, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (trampa del servidor) mediante la llamada en extra\u00f1as circunstancias, a un procedimiento de almacenado SQL." 
} ], "id": "CVE-2009-4328", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.420", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64298" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64298" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-10 16:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016182 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/104740 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041229 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/143023 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016182 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104740 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041229 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/143023 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) podr\u00eda permitir a un usuario local ejecutar c\u00f3digo arbitrario debido a un error de cadena de formato. IBM X-Force ID: 143023." } ], "id": "CVE-2018-1566", "lastModified": "2024-11-21T04:00:01.883", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-10T16:29:00.923", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www.ibm.com/support/docview.wss?uid=swg22016182" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104740" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041229" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143023" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-09 01:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path, potentially giving a low-privileged user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10733122 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/105962 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1042082 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149640 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10733122 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105962 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042082 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149640 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640." }, { "lang": "es", "value": "En IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1, los binarios cargaban librer\u00edas compartidas de una ruta no fiable, dando a un usuario de bajos privilegios acceso total a la cuenta de la instancia DB2 cargando una librer\u00eda compartida maliciosa. IBM X-Force ID: 149640." 
} ], "id": "CVE-2018-1802", "lastModified": "2024-11-21T04:00:24.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-09T01:29:00.680", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733122" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105962" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1042082" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105962" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-426" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-04 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/58725 | ||
psirt@us.ibm.com | http://secunia.com/advisories/60845 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21681623 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21683297 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/69546 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/94263 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58725 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60845 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21681623 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21683297 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/69546 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/94263 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.5 | |
ibm | db2 | 9.5.0.1 | |
ibm | db2 | 9.5.0.2 | |
ibm | db2 | 9.5.0.2 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.3 | |
ibm | db2 | 9.5.0.4 | |
ibm | db2 | 9.5.0.4 | |
ibm | db2 | 9.5.0.5 | |
ibm | db2 | 9.5.0.6 | |
ibm | db2 | 9.5.0.7 | |
ibm | db2 | 9.5.0.8 | |
ibm | db2 | 9.5.0.9 | |
ibm | db2 | 9.5.0.10 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
linux | linux_kernel | * | |
microsoft | windows | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "95D26FF3-1D40-49D6-A5BB-284FE1B89288", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7A2E9C9-8EB4-4127-8278-E976D4D3B7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:*", "matchCriteriaId": "DC1ED577-3F11-415F-90C8-62B9EC21CA08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E054B24-704E-4C05-8E58-3FE0A04D84EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "4C72E084-0266-4389-B8BB-202292D47DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:*", "matchCriteriaId": "008B98FD-1DE2-4323-B20E-7BD422EB6771", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E12C4D6E-7AF9-44F9-9389-F9CA7409C41F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:*", "matchCriteriaId": "8A1C889C-885B-4DB3-A5F4-89A0B1DE0F47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C13BB7FD-718B-499E-87C7-637D2A2E3D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:*", "matchCriteriaId": "267FE109-013A-482E-8078-161FA0991973", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C2F30C1B-0799-49A2-BAA5-26A6030B7682", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "8C4E4D16-3C35-42BD-A131-AF0DFC2D20AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "9B7D92A9-BC9A-4F56-AEA6-CE06C7688070", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E3356137-34FF-4B43-861B-E3DBA6594E72", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*", "matchCriteriaId": "2B1F07F2-3F58-4999-97E9-50C627D9CB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3CB6E617-98EA-4944-9211-FFEE9E50FE55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "5815103C-D6DC-49D2-A544-1E3A2AEEEB3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement." }, { "lang": "es", "value": "El motor SQL en IBM DB2 9.5 hasta FP10, 9.7 hasta FP9a, 9.8 hasta FP5, 10.1 hasta FP4, y 10.5 anterior a FP4 en Linux, UNIX y Windows permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una clausula UNION manipulada en una subconsulta de una declaraci\u00f3n SELECT." } ], "id": "CVE-2014-3095", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-04T10:55:06.910", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/58725" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/60845" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643" }, { "source": "psirt@us.ibm.com", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/69546" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94263" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-08 11:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21684812 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/95945 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21684812 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/95945 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." }, { "lang": "es", "value": "IBM DB2 9.7 anterior a FP10 y 9.8 hasta FP5 en Linux, UNIX, y Windows permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una declaraci\u00f3n ALTER TABLE manipulada." } ], "id": "CVE-2014-6097", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-08T11:55:02.600", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684812" }, { "source": "psirt@us.ibm.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/95945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95945" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-04 01:15
Modified
2024-11-21 08:12
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/260214 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7078681 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/260214 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7078681 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podr\u00eda permitir a un usuario con privilegios DATAACCESS ejecutar rutinas a las que no deber\u00eda tener acceso. ID de IBM X-Force: 260214." 
} ], "id": "CVE-2023-38003", "lastModified": "2024-11-21T08:12:40.753", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-04T01:15:08.217", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260214" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7078681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7078681" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-05 21:15
Modified
2025-05-16 23:15
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "685E5B9C-F82E-4BF5-84D2-709CA5FB7F3A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "41FD572B-97C2-4734-BCE7-2F9D59D38C22", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "21C731C8-8712-4B60-852E-70B5EB61C43A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 \n\n\n\n\n\ncould allow an authenticated user to cause a denial of service due to concurrent execution of shared resources." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 12.1.0 a 12.1.1 podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio debido a la ejecuci\u00f3n simult\u00e1nea de recursos compartidos." 
} ], "id": "CVE-2025-1493", "lastModified": "2025-05-16T23:15:19.493", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary" } ] }, "published": "2025-05-05T21:15:47.263", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7232518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250516-0001/" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 08:00
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/253361 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/253361 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: \n\n253361\n\n." 
} ], "id": "CVE-2023-30446", "lastModified": "2024-11-21T08:00:11.930", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:52.047", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253361" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-26 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/167365 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210629-0004/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6456029 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/167365 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210629-0004/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6456029 | Mitigation, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks." 
}, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00eda permitir a un usuario local ejecutar c\u00f3digo arbitrario y conducir ataques de secuestro de DLL" } ], "id": "CVE-2019-4588", "lastModified": "2024-11-21T04:43:46.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-26T17:15:14.020", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167365" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210629-0004/" }, { "source": "psirt@us.ibm.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6456029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210629-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6456029" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 19:15
Modified
2025-08-07 00:31
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240955 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "5D256132-BDD1-4EE8-95CE-D8F6F1A34085", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "7C549B0C-9BA1-4287-8734-62B6E76D2C5E", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B546C523-9A9C-4555-8A2E-2E7D1676F695", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources." 
}, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5.0 a 11.5.9 y 12.1.0 a 12.1.2 es vulnerable a una denegaci\u00f3n de servicio ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada debido a una liberaci\u00f3n incorrecta de recursos de memoria." } ], "id": "CVE-2025-36071", "lastModified": "2025-08-07T00:31:53.567", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T19:15:45.863", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240955" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-12-07 14:15
Modified
2025-01-31 15:27
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7175946 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F2E6BAB-5E0F-458B-B358-205D65B073D5", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E7ABF45-1720-49F0-AA78-E4C06815F3C5", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECBD1085-509F-49E6-9DB0-1015F7B63955", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." 
} ], "id": "CVE-2024-41762", "lastModified": "2025-01-31T15:27:03.190", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-12-07T14:15:17.560", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7175946" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-04 10:55
Modified
2025-04-12 10:46
Severity ?
8.5 (High) - CVSS v2.0: AV:N/AC:M/Au:S/C:C/I:C/A:C
Summary
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/58616 | ||
psirt@us.ibm.com | http://secunia.com/advisories/60845 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21681631 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21683296 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/69550 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/94260 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58616 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60845 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21681631 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21683296 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/69550 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/94260 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 (update a) | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 (update a) | |
linux | linux_kernel | * (platform condition; not marked vulnerable) | |
microsoft | windows | * (platform condition; not marked vulnerable) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*", "matchCriteriaId": "2B1F07F2-3F58-4999-97E9-50C627D9CB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3CB6E617-98EA-4944-9211-FFEE9E50FE55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow 
in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement." }, { "lang": "es", "value": "Desbordamiento de buffer basado en pila en IBM DB2 9.7 hasta FP9a, 9.8 hasta FP5, 10.1 hasta FP4, y 10.5 anterior a FP4 en Linux, UNIX y Windows permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de una declaraci\u00f3n ALTER MODULE manipulada." } ], "id": "CVE-2014-3094", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-04T10:55:06.863", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/58616" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/60845" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21681631" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683296" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/69550" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94260" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-20 20:55
Modified
2025-04-11 00:51
Severity ?
7.2 (High) - CVSS v2.0: AV:L/AC:L/Au:N/C:C/I:C/A:C
Summary
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21586193 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74325 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21586193 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74325 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*", "matchCriteriaId": "10456C00-127D-46FE-82A4-D567AB19F87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "E476599E-7087-4442-AED5-61DC1CA1F374", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "93F5745A-219B-48F6-95E9-85B4E516FA94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { 
"cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*", "matchCriteriaId": "11AEFEC9-5DB4-44CB-977D-6561DC1680C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en IBM Tivoli Monitoring Agent (ITMA), tal como se utiliza en IBM DB2 9.5 antes de FP9 en UNIX, permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2012-1796", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-20T20:55:01.460", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586193" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74325" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-20 01:59
Modified
2025-04-12 10:46
Severity ?
4.0 (Medium) - CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N
Summary
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21697988 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/75949 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1032883 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21697988 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75949 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032883 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "025FA405-0FD2-4B19-8FA4-15581085BD15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F425C545-39CD-483C-97A3-BE0DC3EE63DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A6A7680-D883-414F-965B-1D6136760CA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "matchCriteriaId": "76107CFE-EB32-4AF6-9AF9-F16238F9C671", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": "7D1225B0-DBFF-4A13-93CB-1B64AF9ACE47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement." }, { "lang": "es", "value": "Vulnerabilidad en IBM DB2 9.7 a trav\u00e9s de FP10, 9.8 a trav\u00e9s de FP5, 10.1 anterior a FP5 y 10.5 a trav\u00e9s de FP5 en Linux, UNIX y Windows permite a usuarios remotos autenticados leer archivos de texto arbitarios a trav\u00e9s de una funci\u00f3n XML/XSLT en una sentencia SELECT manipulada." 
} ], "id": "CVE-2014-8910", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-07-20T01:59:00.080", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697988" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/75949" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1032883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032883" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016143 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1040967 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/143022 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016143 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040967 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/143022 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) podr\u00eda permitir que un usuario local desborde un b\u00fafer, lo que puede resultar en un escalado de privilegios al propietario de la instancia DB2. IBM X-Force ID: 143022." } ], "id": "CVE-2018-1565", "lastModified": "2024-11-21T04:00:01.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.933", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor 
Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040967" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143022" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-03 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/44229 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71263 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71375 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375 | ||
cve@mitre.org | http://www.securityfocus.com/bid/47525 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2011/1083 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/66980 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44229 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71263 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71375 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47525 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1083 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66980 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp6a:*:*:*:*:*:*", "matchCriteriaId": "C8517013-E26A-43D1-B3E7-3A9905B5BD98", "versionEndIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp3:*:*:*:*:*:*", "matchCriteriaId": "E4312D00-16F8-42CA-AB58-82F66781910F", "versionEndIncluding": "9.7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no revoca correctamente la pertenencia a grupos, lo que permite a usuarios remotos autenticados ejecutar instrucciones non-DDL aprovech\u00e1ndose de la posesi\u00f3n heredada del rol anterior, una vulnerabilidad diferente de CVE-2011-0757. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros." 
} ], "id": "CVE-2011-1846", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-03T20:55:12.463", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44229" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71263" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71375" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47525" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66980" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers." 
}, { "lang": "es", "value": "El componente DRDA Services en IBM DB2 UDB v9.5 anterior a FP6a, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (ABEND en el servidor de base de datos) usando el cliente CLI sobre Linux, UNIX o Windows para la ejecuci\u00f3n de una declaraci\u00f3n preparada con un gran n\u00famero de marcadores de par\u00e1metros." } ], "id": "CVE-2010-3732", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-05T18:00:32.987", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-19 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/174960 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/2875875 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/174960 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/2875875 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, son vulnerables a un desbordamiento del b\u00fafer, causado por una comprobaci\u00f3n de l\u00edmites inapropiada que podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario en el sistema con privilegios root. 
ID de IBM X-Force: 174960." } ], "id": "CVE-2020-4204", "lastModified": "2024-11-21T05:32:23.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-19T16:15:11.937", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174960" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2875875" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2875875" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-01 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/43059 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029 | ||
cve@mitre.org | http://www.osvdb.org/70683 | ||
cve@mitre.org | http://www.securityfocus.com/bid/46052 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43059 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/70683 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46052 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | * | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | * | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp9:*:*:*:*:*:*", "matchCriteriaId": "CE5CFA06-CFB5-476D-A488-14B7A4067877", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp6a:*:*:*:*:*:*", "matchCriteriaId": "C8517013-E26A-43D1-B3E7-3A9905B5BD98", "versionEndIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp2:*:*:*:*:*:*", 
"matchCriteriaId": "4BAC4590-F57B-4C4C-AE77-882D318243EC", "versionEndIncluding": "9.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el componente DB2 Administration Server (DAS) para IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP7, y v9.7 anterior a FP3 en Linux, UNIX, y Windows permite a atacantes remotos ejecutar c\u00f3digo a trav\u00e9s de vectores desconocidos" } ], "id": "CVE-2011-0731", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-02-01T18:00:03.673", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43059" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203" }, { "source": "cve@mitre.org", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/70683" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46052" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/70683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-29 20:15
Modified
2025-06-09 18:59
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7235073 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A9058600-75B6-4228-9B77-C6DAF915F158", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "A7C9B6A1-749A-4388-AC61-318F79DB4519", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C7DD6EFE-C2DA-42BC-931C-4C347F49BE72", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "685E5B9C-F82E-4BF5-84D2-709CA5FB7F3A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "41FD572B-97C2-4734-BCE7-2F9D59D38C22", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "21C731C8-8712-4B60-852E-70B5EB61C43A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5.0 a 11.5.9 y 12.1.0 a 12.1.1 podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio al utilizar la replicaci\u00f3n Q debido a la asignaci\u00f3n incorrecta de recursos de CPU." 
} ], "id": "CVE-2025-3050", "lastModified": "2025-06-09T18:59:36.360", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-29T20:15:26.690", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7235073" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/193661 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210409-0003/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6427855 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/193661 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210409-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6427855 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
netapp | oncommand_insight | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD327F40-DAD7-44C3-9E98-B742595FE95F", "versionEndExcluding": "11.1.4.6", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3A4627A-DD08-4ECA-854C-F38CC6799C32", "versionEndExcluding": "11.5.5.0", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:-:*:*:*:*:*:*", "matchCriteriaId": "77E2A7AA-6BEC-4796-8F9C-B9761445203F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp10:*:*:*:*:*:*", "matchCriteriaId": "DDB6647C-7CF0-474F-94C8-F5C7F6EE0DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "matchCriteriaId": "786B3F51-46A3-4A4C-A549-B80BA27EE3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "matchCriteriaId": "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "matchCriteriaId": "CC8D88E5-7942-4F21-B0BA-7D23F4537117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*", "matchCriteriaId": "D7A42A22-D615-4D60-8FC4-61CDF727FD54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp6:*:*:*:*:*:*", "matchCriteriaId": "8614A1E4-F2B2-4D76-B0A4-4D2C210BC6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp7:*:*:*:*:*:*", "matchCriteriaId": "BEBA2C16-A984-4DA3-953E-A3F29884ED09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp8:*:*:*:*:*:*", "matchCriteriaId": "7B4337FD-3E56-482A-B27B-079901B07226", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:fp9:*:*:*:*:*:*", "matchCriteriaId": "F1DE50F8-6817-4C72-95BA-A81268F52E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp9a:*:*:*:*:*:*", "matchCriteriaId": "BCF253DE-A7BD-4626-8CA4-63CBF527A4A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:-:*:*:*:*:*:*", "matchCriteriaId": "22019513-E605-4245-B031-05D8B0C8E3C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "71959DD4-A6DF-40CC-A1D4-4211C292D9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "AE96DEA7-95B8-487C-9ADC-ABD29942DEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "0D5B31BE-FE9D-4D12-945E-3870BB46CDF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "14A3CD2D-6CE7-40AC-B3A2-F515D08A9A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "A5466AD6-FE18-4778-9D6C-212347ECFFE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "282E708B-2FE3-4B1C-9DFC-C3BD164F3F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": 
"3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, db2fm es vulnerable a un desbordamiento del b\u00fafer, causado por una comprobaci\u00f3n inapropiada de l\u00edmites que podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario en el sistema con privilegios root.\u0026#xa0;IBM X-Force ID: 193661" } ], "id": "CVE-2020-5025", "lastModified": "2024-11-21T05:33:34.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2021-03-11T16:15:12.927", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193661" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6427855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6427855" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-20 10:27
Modified
2025-04-11 00:51
Severity ?
Summary
The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg1IC82234 | Vendor Advisory | |
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg1IC82367 | ||
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21597090 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/53873 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/75418 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg1IC82234 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg1IC82367 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21597090 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53873 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/75418 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request." 
}, { "lang": "es", "value": "La funcionalidad de encadenamiento en el m\u00f3dulo de arquitectura de bases de datos relacionales distribuidas - \u0027Distributed Relational Database Architecture\u0027(DRDA) en IBM DB2 v9.7 antes de FP6 y 9.8 antes de FP5, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia de puntero nulo y excesivo consumo de recursos o caida del demonio) a trav\u00e9s de una solicitud modificada a mano." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2012-2180", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-20T10:27:28.443", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234" }, { "source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/53873" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-04 01:15
Modified
2024-11-21 08:28
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/269367 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240112-0003/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7087203 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/269367 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240112-0003/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7087203 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "55A0ECDB-9278-4812-A44C-4FDD09898E10", "versionEndIncluding": "11.5.8", "versionStartIncluding": "11.5.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367." }, { "lang": "es", "value": "El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegaci\u00f3n de servicio cuando se utiliza un cursor especialmente manipulado. ID de IBM X-Force: 269367." 
} ], "id": "CVE-2023-46167", "lastModified": "2024-11-21T08:28:00.590", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-04T01:15:12.147", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240112-0003/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240112-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087203" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022 | Vendor Advisory | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server." 
}, { "lang": "es", "value": "Fuga de memoria en el componente Relational Data Services en IBM DB2 UDB v9.5 anterior a FP6a, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de la memoria din\u00e1mica -heap-) mediante (1)la ejecuci\u00f3n de procedimiento de almacenado o (2) la funci\u00f3n definida por el usuario (UDF) empleando un c\u00f3digo de p\u00e1gina diferente a la del servidor de base de datos." } ], "id": "CVE-2010-3737", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-10-05T18:00:33.393", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/41686 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | ||
cve@mitre.org | http://www.securityfocus.com/bid/46077 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/2544 | Vendor Advisory | |
cve@mitre.org | http://www.zerodayinitiative.com/advisories/ZDI-11-035 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41686 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46077 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2544 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-11-035 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string." 
}, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la implementaci\u00f3n validateUser en la funci\u00f3n com.ibm.db2.das.core.DasSysCmd en db2dasrrm en el componente DB2 Administration Server (DAS) en DB2 de IBM versi\u00f3n 9.1 anterior a FP10, versi\u00f3n 9,5 anterior a FP6a, y versi\u00f3n 9,7 anterior a FP3,permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una cadena de nombre de usuario larga." } ], "id": "CVE-2010-3731", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-05T18:00:32.940", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41686" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46077" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2010/2544" }, { "source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-035" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179268 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6242342 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179268 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6242342 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E94B9A7-5DF7-4F52-B87F-094A50010F79", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00eda permitir a un usuario local obtener informaci\u00f3n confidencial usando una condici\u00f3n de carrera de un enlace simb\u00f3lico. 
IBM X-Force ID: 179268" } ], "id": "CVE-2020-4386", "lastModified": "2024-11-21T05:32:41.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-01T15:15:14.843", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242342" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242342" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-24 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE (sic; the Db2 setting is spelled DEFERRED_FORCE). IBM X-Force ID: 199283.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199283 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6466369 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199283 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6466369 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283." 
}, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00eda permitir a un usuario que pueda crear una visualizaci\u00f3n o una funci\u00f3n SQL en l\u00ednea obtener informaci\u00f3n confidencial cuando la funci\u00f3n AUTO_REVAL est\u00e1 ajustado como la funci\u00f3n DEFFERED_FORCE. IBM X-Force ID: 199283" } ], "id": "CVE-2021-20579", "lastModified": "2024-11-21T05:46:48.557", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2021-06-24T19:15:08.380", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199283" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466369" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-28 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/343804 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/8990 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/343804 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8990 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFF280E6-CF00-4B71-B58A-2087D339C665", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en IBM DB2 Universal Database 8.1 pueden permitir a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos de l\u00ednea de comandos largos a (1)db2start, (2) db2stop, o (3) db2govd." } ], "id": "CVE-2003-1050", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-28T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/343804" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8990" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/343804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 19:15
Modified
2025-08-13 19:17
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240944 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "385D4613-C252-4075-8485-55B8E32DC970", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "9DD542DB-0839-4057-8551-55154788182A", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D9ED6DEF-712F-4BB0-8676-D5DB6A269EBF", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3B5A9A8A-5EE6-428A-8B3D-543B2F84D615", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "5971CCFD-FB34-4216-8A87-A4310EF34F23", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "960AA97F-0D2C-4B33-9754-69BC28399BCE", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": 
"5D256132-BDD1-4EE8-95CE-D8F6F1A34085", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "7C549B0C-9BA1-4287-8734-62B6E76D2C5E", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B546C523-9A9C-4555-8A2E-2E7D1676F695", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 \n\nis vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5.0.0 a 10.5.0.11, 11.1.0 a 11.1.4.7, 11.5.0 a 11.5.9 y 12.1.0 a 12.1.2 es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." 
} ], "id": "CVE-2024-51473", "lastModified": "2025-08-13T19:17:34.260", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T19:15:44.507", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240944" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-29 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://osvdb.org/58477 | ||
cve@mitre.org | http://secunia.com/advisories/36890 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21386689 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21403619 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | ||
cve@mitre.org | http://www.securityfocus.com/bid/36540 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/58477 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36890 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21386689 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21403619 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36540 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp16:*:*:*:*:*:*", "matchCriteriaId": "E0252A93-49D5-4C5E-B774-8400526CA813", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp17:*:*:*:*:*:*", "matchCriteriaId": "4EC433D0-58E3-4744-BAB4-421BC5C3F04C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*", "matchCriteriaId": "72FA9A16-8AFD-4D93-95B4-EAB6E6030D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*", "matchCriteriaId": "BB299EAB-31AA-4BAA-B477-0F909A8418AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*", "matchCriteriaId": "6FD22E1E-F5BC-45D5-98F4-EDEE87D718F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*", "matchCriteriaId": "222C1B84-0C28-451F-BB02-4CB925263312", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*", "matchCriteriaId": "08177181-660C-4BF4-9031-74EE89297CE5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*", "matchCriteriaId": "0B5FF14E-2971-4F3F-AD25-D00B0FEDA08F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*", "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*", "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon 
a loss of privileges by the functions\u0027 definers, which has unspecified impact and remote attack vectors." }, { "lang": "es", "value": "IBM DB2 v8 anterior a FP18, v9.1 anterior a FP8, y v9.5 anterior a FP4 no realiza los borrados esperados de ciertas funciones de tabla por una perdida de privilegios por las definiciones de las funciones, lo cual tiene un impacto no especificado y vectores de ataque a distancia." } ], "id": "CVE-2009-3471", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-29T21:30:00.327", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/58477" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36890" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" }, { "source": "cve@mitre.org", "tags": [ 
"Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/58477" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36540" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-05 21:15
Modified
2025-05-13 19:42
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (source: psirt@us.ibm.com, Secondary)
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (source: nvd@nist.gov, Primary)
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232528 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A9058600-75B6-4228-9B77-C6DAF915F158", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "A7C9B6A1-749A-4388-AC61-318F79DB4519", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C7DD6EFE-C2DA-42BC-931C-4C347F49BE72", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "685E5B9C-F82E-4BF5-84D2-709CA5FB7F3A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "41FD572B-97C2-4734-BCE7-2F9D59D38C22", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "21C731C8-8712-4B60-852E-70B5EB61C43A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\ncould allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5.0 a 11.5.9 y 12.1.0 a 12.1.1 podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio al conectarse a una base de datos z/OS debido a un manejo inadecuado del redireccionamiento autom\u00e1tico del cliente." 
} ], "id": "CVE-2025-1000", "lastModified": "2025-05-13T19:42:48.870", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-05T21:15:47.120", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7232528" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-10-18 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/8476 | ||
cve@mitre.org | http://www.nth-dimension.org.uk/downloads.php?id=77 | ||
cve@mitre.org | http://www.nth-dimension.org.uk/downloads.php?id=83 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/518659 | ||
cve@mitre.org | http://www.securityfocus.com/bid/48514 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/51181 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8476 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nth-dimension.org.uk/downloads.php?id=77 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nth-dimension.org.uk/downloads.php?id=83 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/518659 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48514 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/51181 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | tivoli_monitoring_for_databases | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:express:*:*:*:*:*", "matchCriteriaId": "825AE914-20DA-4CC2-B792-04DFC96D0472", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_monitoring_for_databases:*:*:*:*:*:*:*:*", "matchCriteriaId": "D79CEAF3-227B-47E4-B464-E646BEA7DFC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de b\u00fasqueda no confiable en (1) db2rspgn y (2) kbbacf1 en IBM DB2 Express Edition v9.7, que se utiliza en el IBM Tivoli Monitoring para bases de datos: El agente de DB2, permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya libkbb.so en el directorio de trabajo actual, en relaci\u00f3n con la cabecera ELF DT_RPATH." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\u0027CWE-426: Untrusted Search Path\u0027", "id": "CVE-2011-4061", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-10-18T01:55:01.327", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8476" }, { "source": "cve@mitre.org", "url": "http://www.nth-dimension.org.uk/downloads.php?id=77" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.nth-dimension.org.uk/downloads.php?id=83" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/518659" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/48514" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51181" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nth-dimension.org.uk/downloads.php?id=77" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.nth-dimension.org.uk/downloads.php?id=83" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/518659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/48514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-04 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21681723 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1030806 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/95307 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21681723 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030806 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/95307 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring." }, { "lang": "es", "value": "IBM DB2 10.5 anterior a FP4 en Linux y AIX crea ficheros temporales durante las operaciones CDE table LOAD, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un fichero mientras un LOAD est\u00e1 sucediendo." 
} ], "id": "CVE-2014-4805", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-04T10:55:07.597", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681723" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1030806" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95307" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-09 01:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: psirt@us.ibm.com, Secondary)
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10733939 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/105885 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1042086 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148804 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10733939 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105885 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042086 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148804 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podr\u00eda permitir que un usuario local obtenga acceso root explotando un ataque de enlace simb\u00f3lico para leer/escribir/corromper un archivo al que no se ten\u00eda permiso de acceso originalmente. IBM X-Force ID: 148804." 
} ], "id": "CVE-2018-1781", "lastModified": "2024-11-21T04:00:21.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-09T01:29:00.570", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105885" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], 
"url": "http://www.securitytracker.com/id/1042086" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148804" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/109002 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/161202 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10884444 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109002 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/161202 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10884444 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.1 es vulnerable a un desbordamiento de b\u00fafer, lo que podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en el sistema como root. IBM X-Force ID: 161202." } ], "id": "CVE-2019-4322", "lastModified": "2024-11-21T04:43:28.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-01T15:15:12.803", "references": [ { 
"source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109002" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884444" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-16 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200658 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210720-0005/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6463985 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200658 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210720-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6463985 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "E40D35A7-ED2D-427D-AEF9-5418C342B8E5", "versionEndIncluding": "11.1.4", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA11359-98B8-4A5A-8C34-1FCD00C934D4", "versionEndIncluding": "11.5.5.0", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658." }, { "lang": "es", "value": "Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 11.1.4 y 11.5.5, es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor termina de forma anormal cuando se ejecuta una sentencia SELECT especialmente dise\u00f1ada. 
IBM X-Force ID: 200658" } ], "id": "CVE-2021-29702", "lastModified": "2024-11-21T06:01:40.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-16T17:15:07.860", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200658" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0005/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6463985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6463985" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-16 16:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/202267 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20211029-0005/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6489493 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/202267 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211029-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6489493 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:-:*:*", "matchCriteriaId": "F9DA788B-81D2-4B91-9E63-3D42A5F21854", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5, en condiciones muy espec\u00edficas, podr\u00eda permitir a un usuario local seguir ejecutando un procedimiento que podr\u00eda causar que el sistema se quedara sin memoria y causar una denegaci\u00f3n de servicio. 
IBM X-Force ID: 202267" } ], "id": "CVE-2021-29763", "lastModified": "2024-11-21T06:01:45.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-16T16:15:08.040", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6489493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6489493" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 19:15
Modified
2025-08-13 19:20
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240945 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "385D4613-C252-4075-8485-55B8E32DC970", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "9DD542DB-0839-4057-8551-55154788182A", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D9ED6DEF-712F-4BB0-8676-D5DB6A269EBF", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3B5A9A8A-5EE6-428A-8B3D-543B2F84D615", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "5971CCFD-FB34-4216-8A87-A4310EF34F23", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "960AA97F-0D2C-4B33-9754-69BC28399BCE", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": 
"5D256132-BDD1-4EE8-95CE-D8F6F1A34085", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "7C549B0C-9BA1-4287-8734-62B6E76D2C5E", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B546C523-9A9C-4555-8A2E-2E7D1676F695", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2\u00a0is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5.0.0 a 10.5.0.11, 11.1.0 a 11.1.4.7, 11.5.0 a 11.5.9 y 12.1.0 a 12.1.2 es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." 
} ], "id": "CVE-2024-49828", "lastModified": "2025-08-13T19:20:09.530", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T19:15:44.337", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240945" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-20 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698308 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/75946 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1032881 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698308 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75946 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032881 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "025FA405-0FD2-4B19-8FA4-15581085BD15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F425C545-39CD-483C-97A3-BE0DC3EE63DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A6A7680-D883-414F-965B-1D6136760CA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "matchCriteriaId": "76107CFE-EB32-4AF6-9AF9-F16238F9C671", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": "7D1225B0-DBFF-4A13-93CB-1B64AF9ACE47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure." }, { "lang": "es", "value": "Vulnerabilidad en IBM DB2 9.7 a trav\u00e9s de FP10, 9.8 a trav\u00e9s de FP5, 10.1 anterior a FP5 y 10.5 a trav\u00e9s de FP5 en Linux, UNIX y Windows permite a usuarios remotos autenticados leer ciertos archivos administrativos a trav\u00e9s del uso manipulado de un procedimiento almacenado en la pol\u00edtica de mantenimiento automatizado." 
} ], "id": "CVE-2015-1883", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-07-20T01:59:04.177", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698308" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/75946" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1032881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032881" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-06 19:34
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240951 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*", "matchCriteriaId": "FB68EACE-0F80-448C-962E-756CF3FF6734", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*", "matchCriteriaId": "BB83F549-7120-4B17-9172-F338FD427F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*", "matchCriteriaId": "703CB3FF-6DB5-432E-B469-2A90A33A5F2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock." }, { "lang": "es", "value": "IBM Db2 para Linux 12.1.0, 12.1.1 y 12.1.2 podr\u00edan permitir que un usuario no autenticado provoque una denegaci\u00f3n de servicio debido a segmentos ejecutables que est\u00e1n esperando que otros liberen un bloqueo necesario." 
} ], "id": "CVE-2025-36010", "lastModified": "2025-08-06T19:34:24.467", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T18:15:28.733", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240951" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-833" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-12 09:15
Modified
2024-11-21 07:22
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/237210 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6843071 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/237210 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230120-0003/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6843071 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 3.5 | |
ibm | db2 | 3.5 | |
ibm | db2 | 4.0 | |
ibm | db2 | 4.0 | |
ibm | db2 | 4.5 | |
ibm | db2 | 4.5 | |
ibm | db2_warehouse | 3.5 | |
ibm | db2_warehouse | 3.5 | |
ibm | db2_warehouse | 4.0 | |
ibm | db2_warehouse | 4.0 | |
ibm | db2_warehouse | 4.5 | |
ibm | db2_warehouse | 4.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:3.5:-:*:*:*:*:*:*", "matchCriteriaId": "634480F6-1D26-4462-94C3-24DFCA3F4027", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*", "matchCriteriaId": "0368BC26-3A80-4B70-8052-3F47B1484E74", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "EAC644E7-70FB-4BAE-81C7-5E9C89CB24B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*", "matchCriteriaId": "4A557DCC-6343-4C56-8B60-FCBEB6426D42", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:4.5:-:*:*:*:*:*:*", "matchCriteriaId": "C8D52709-C590-40A2-8486-8AFE5D8D4F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*", "matchCriteriaId": "BE38A78C-1EA6-45AA-9551-8B17BE9C9327", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_warehouse:3.5:-:*:*:*:*:*:*", "matchCriteriaId": "FEC9BE0B-76A7-41BF-BE22-7F8C167DF243", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*", "matchCriteriaId": "A8C0972A-C0A7-4497-AE6F-D5F266F1DBF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "AE87E729-F00A-43F8-91FF-BAA8B4B3986C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*", "matchCriteriaId": "353A9E03-50CD-46E0-A5AB-351AA426007F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.5:-:*:*:*:*:*:*", "matchCriteriaId": "E2CBB056-CC8A-4A34-AA3C-CDC7D8DE2426", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*", "matchCriteriaId": "2D823704-6F82-47BE-8658-466ECD051451", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious 
and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\n\n" }, { "lang": "es", "value": "IBM Db2U 3.5, 4.0 y 4.5 es vulnerable a Cross-Site Request Forgery (CSRF), lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 237210." } ], "id": "CVE-2022-41296", "lastModified": "2024-11-21T07:22:59.737", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T09:15:12.760", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6843071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://security.netapp.com/advisory/ntap-20230120-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6843071" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-02 23:00
Modified
2025-04-11 00:51
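Severity ?
6.5 (Medium) - CVSS v2.0 AV:N/AC:L/Au:S/C:P/I:P/A:P (nvd@nist.gov, Primary; the record below carries a CVSS v2 score only)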
Summary
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/70773 | ||
cve@mitre.org | http://secunia.com/advisories/43148 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815 | ||
cve@mitre.org | http://www.ibm.com/support/docview.wss?uid=swg1IC66811 | ||
cve@mitre.org | http://www.ibm.com/support/docview.wss?uid=swg1IC66814 | ||
cve@mitre.org | http://www.ibm.com/support/docview.wss?uid=swg1IC66815 | ||
cve@mitre.org | http://www.ibm.com/support/docview.wss?uid=swg21426108 | ||
cve@mitre.org | http://www.securityfocus.com/bid/46064 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/65008 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/70773 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43148 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg1IC66811 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg1IC66814 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg1IC66815 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21426108 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46064 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65008 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | * | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | * | |
ibm | db2 | 9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp9:*:*:*:*:*:*", "matchCriteriaId": "CE5CFA06-CFB5-476D-A488-14B7A4067877", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp6:*:*:*:*:*:*", "matchCriteriaId": "9966C431-E3F3-484C-9B61-A0A7D604D92C", "versionEndIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp1:*:*:*:*:*:*", "matchCriteriaId": "E509C213-7CF5-4540-A5F7-D9B691977AF4", "versionEndIncluding": "9.7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority." }, { "lang": "es", "value": "IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP6a, y v9.7 anterior a FP2 en Linux, UNIX y Windows no revoca correctamente la autorizaci\u00f3n DBADM, que permite a usuarios autenticados remotamente ejecutar instrucciones no-DDL aprovechandose de la posesi\u00f3n anterior de esta autoridad." } ], "id": "CVE-2011-0757", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-02-02T23:00:33.457", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/70773" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43148" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66811" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66814" }, { "source": "cve@mitre.org", "url": 
"http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66815" }, { "source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66811" }, { "source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66814" }, { "source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66815" }, { "source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46064" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC66815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46064" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-22 12:29
Modified
2024-11-21 03:22
Severity ?
5.1 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (psirt@us.ibm.com, Secondary)
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (nvd@nist.gov, Primary)
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012948 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/103494 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/131853 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012948 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103494 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/131853 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853." 
}, { "lang": "es", "value": "IBM DB2 (IBM DB2 para Linux, UNIX y Windows (incluyendo DB2 Connect Server), en versiones 9.7, 10.1, 10.5 y 11.1, emplea algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir que un atacante descifre informaci\u00f3n altamente sensible. IBM X-Force ID: 131853." } ], "id": "CVE-2017-1571", "lastModified": "2024-11-21T03:22:06.353", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-22T12:29:00.313", "references": [ { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012948" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103494" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/32368 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg27013892 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2893 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32368 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg27013892 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2893 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp5:*:*:*:*:*:*", "matchCriteriaId": "F9BA9539-3A77-4C6B-9FA3-51BB55645AB2", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en la funci\u00f3n SQLNLS_UNPADDEDCHARLEN en el componente New Compiler (tambi\u00e9n conocido como Starburst derived compiler) en el servidor en IBM DB2 v9.1 anterior a FP6, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (violaci\u00f3n de segmentaci\u00f3n y \"trap\" -trampa-) a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2008-4691", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-22T18:00:01.300", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32368" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2893" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-07 19:15
Modified
2025-06-11 17:15
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (psirt@us.ibm.com, Secondary)
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/270402 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0003/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105500 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/270402 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0003/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105500 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E5A16E6-977D-4085-BACC-5508E460FC88", "versionEndExcluding": "10.5.0.11", "versionStartIncluding": "10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "59C1181B-4576-4572-9162-A70BAB52FF9A", "versionEndExcluding": "11.1.4.7", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402." }, { "lang": "es", "value": "IBM Db2 para Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podr\u00eda permitir a un usuario local escalar sus privilegios al usuario de SYSTEM mediante la funcionalidad de reparaci\u00f3n de MSI ID de IBM X-Force: 270402." 
} ], "id": "CVE-2023-47145", "lastModified": "2025-06-11T17:15:34.017", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-07T19:15:08.017", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270402" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0003/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240307-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105500" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-28 20:30
Modified
2025-04-11 00:51
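Severity ?
6.5 (Medium) - CVSS v2.0 AV:N/AC:L/Au:S/C:P/I:P/A:P (nvd@nist.gov, Primary; the record below carries a CVSS v2 score only)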
Summary
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html | Exploit | |
cve@mitre.org | http://securitytracker.com/id?1023509 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | ||
cve@mitre.org | http://www.securityfocus.com/bid/37976 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/55899 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023509 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37976 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/55899 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function." 
}, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en DB2 de IBM versi\u00f3n 9.1 anterior a FP9, versi\u00f3n 9.5 anterior a FP6 y versi\u00f3n 9.7 anterior a FP2, permite a los usuarios autenticados remotos tener un impacto no especificado por medio de una declaraci\u00f3n SELECT que presenta un nombre de columna largo generado con la funci\u00f3n REPEAT." } ], "id": "CVE-2010-0462", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-01-28T20:30:01.840", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023509" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "cve@mitre.org", "tags": [ 
"Exploit" ], "url": "http://www.securityfocus.com/bid/37976" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55899" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-09 01:29
Modified
2024-11-21 04:00
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10733939 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/105885 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1042086 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148803 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10733939 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105885 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042086 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148803 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podr\u00eda permitir que un propietario local de instancias db2 obtenga acceso root explotando un ataque de enlace simb\u00f3lico para leer/escribir/corromper un archivo al que no se ten\u00eda permiso de acceso originalmente. IBM X-Force ID: 148803." 
} ], "id": "CVE-2018-1780", "lastModified": "2024-11-21T04:00:21.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-09T01:29:00.493", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105885" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1042086" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148803" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-21 13:29
Modified
2024-11-21 04:00
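Severity (per the record's metrics below: 8.4 is the psirt@us.ibm.com score, type Secondary; 7.8 is the nvd@nist.gov score, type Primary; the two vectors differ only in Privileges Required, PR:N versus PR:L)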
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The db2licm tool in IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/105391 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/146364 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://usn.ubuntu.com/3906-2/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729981 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105391 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/146364 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3906-2/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729981 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364." }, { "lang": "es", "value": "En IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 10.1, 10.5 y 11.1, la herramienta db2licm se ve afectada por una vulnerabilidad de desbordamiento de b\u00fafer que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario. IBM X-Force ID: 146364." 
} ], "id": "CVE-2018-1710", "lastModified": "2024-11-21T04:00:14.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-21T13:29:00.797", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105391" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146364" }, { "source": "psirt@us.ibm.com", "url": 
"https://usn.ubuntu.com/3906-2/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3906-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729981" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:14
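Severity (per the record's metrics below: 5.3 is the psirt@us.ibm.com score, type Secondary, with AC:H/PR:L; 7.5 is the nvd@nist.gov score, type Primary, with AC:L/PR:N)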
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/262258 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047489 | Not Applicable | |
nvd@nist.gov | https://www.ibm.com/support/pages/node/7047478 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/262258 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047489 | Not Applicable |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
opengroup | unix | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": 
"7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la Denegaci\u00f3n de Servicio con una declaraci\u00f3n de consulta XML especialmente manipulada. ID de IBM X-Force: 262258." 
} ], "id": "CVE-2023-38728", "lastModified": "2024-11-21T08:14:07.723", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T22:15:11.957", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Not Applicable" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "source": "nvd@nist.gov", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.ibm.com/support/pages/node/7047489" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:53
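Severity (per the record's metrics below: 6.3 is the psirt@us.ibm.com score, type Secondary, with C:L/I:L/A:L; 8.8 is the nvd@nist.gov score, type Primary, with C:H/I:H/A:H)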
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249516 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230803-0006/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010029 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249516 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230803-0006/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010029 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516." 
} ], "id": "CVE-2023-27868", "lastModified": "2024-11-21T07:53:36.427", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:50.127", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249516" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-94" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-22 20:15
Modified
2024-11-21 08:30
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/272646 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0002/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105502 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/272646 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0002/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105502 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23E4D44-3305-407B-92C5-8190434A59DC", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "760B31B3-509C-49E4-BB2C-B48E33782141", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.1, 10.5 y 11.1 podr\u00eda permitir que un usuario autenticado con privilegios CONNECT provoque una denegaci\u00f3n de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 272646." } ], "id": "CVE-2023-47747", "lastModified": "2024-11-21T08:30:45.360", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-22T20:15:47.267", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272646" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0002/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://security.netapp.com/advisory/ntap-20240307-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105502" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-12 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/28771 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0401 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28771 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0401 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.2_fixpack15:*:*:*:*:*:*:*", "matchCriteriaId": "17408C42-FAC0-4F2A-9534-A9590BC256CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors." }, { "lang": "es", "value": "IBM DB2 UDB antes de 8.2 Fixpak 16 no comprueba la autorizaci\u00f3n correctamente para la sentencia ALTER TABLE, lo que tiene un impacto desconocido y vectores de ataque." } ], "id": "CVE-2008-0696", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-12T01:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28771" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/28771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ07337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0401" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-24 10:36
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/53873 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53873 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en la caracter\u00edstica XML en IBM DB2 v9.7 anterior a FP6 en Linux, UNIX y Windows permite a usuarios remotos autenticados leer archivos XML arbitrarios a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2012-0713", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-24T10:36:42.147", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/53873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53873" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179989 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6242356 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179989 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6242356 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E94B9A7-5DF7-4F52-B87F-094A50010F79", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00edan permitir a un atacante local llevar a cabo acciones no autorizadas en el sistema, causadas por el uso inapropiado de la memoria compartida. 
Mediante el env\u00edo de una petici\u00f3n especialmente dise\u00f1ada, un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n confidencial o causar una denegaci\u00f3n de servicio. IBM X-Force ID: 179989" } ], "id": "CVE-2020-4414", "lastModified": "2024-11-21T05:32:42.877", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-01T15:15:15.030", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/179989" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242356" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-08 01:15
Modified
2025-01-31 17:14
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7175957 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n, ya que se puede incluir informaci\u00f3n confidencial en un archivo de registro en condiciones espec\u00edficas." } ], "id": "CVE-2024-40679", "lastModified": "2025-01-31T17:14:12.627", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary" } ] }, "published": "2025-01-08T01:15:06.953", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7175957" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-31 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Vendor Advisory | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view." }, { "lang": "es", "value": "IBM DB2 v9.7 anterior a FP2, cuando AUTO_REVAL est\u00e1 IMMEDIATE, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (p\u00e9rdida de privilegios) de una vista propietario mediante definici\u00f3n a una vista dependiente." } ], "id": "CVE-2010-3196", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-08-31T22:00:02.703", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-03 13:16
Modified
2025-01-31 15:42
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7145721 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://https://exchange.xforce.ibmcloud.com/vulnerabilities/262259 | Broken Link, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240517-0004/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7145721 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial cuando se utiliza ADMIN_CMD con IMPORT o EXPORT. ID de IBM X-Force: 262259." } ], "id": "CVE-2023-38729", "lastModified": "2025-01-31T15:42:01.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-04-03T13:16:00.150", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145721" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/262259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145721" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-19 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/174914 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/2875251 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/174914 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/2875251 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 10.5, 11.1 y 11.5, podr\u00eda permitir a atacantes autenticados enviar comandos especialmente dise\u00f1ados para causar una denegaci\u00f3n de servicio. ID de IBM X-Force: 174914." 
} ], "id": "CVE-2020-4200", "lastModified": "2024-11-21T05:32:23.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-19T16:15:11.860", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174914" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2875251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2875251" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-28 18:15
Modified
2024-11-21 07:50
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
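IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. Note: the affected-version data shown for this record lists Db2 10.5, 11.1.x and 11.5.x and has no 10.1 entry; check deployed versions against that data as well as this summary.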
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/247862 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985677 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/247862 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985677 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862." 
} ], "id": "CVE-2023-25930", "lastModified": "2024-11-21T07:50:26.563", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-28T18:15:26.163", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247862" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/6985677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ibm.com/support/pages/node/6985677" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": 
"psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:43
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path, potentially giving a low-privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158014 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10875860 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158014 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10875860 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014." }, { "lang": "es", "value": "Los binarios de IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 cargan librer\u00edas compartidas desde una ruta no fiable, lo que podr\u00eda otorgar a un usuario con pocos privilegios el acceso total a root, cargando una librer\u00eda compartida maliciosa. IBM X-Force ID: 158014." 
} ], "id": "CVE-2019-4094", "lastModified": "2024-11-21T04:43:10.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:01:05.217", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158014" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10875860" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10875860" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:56
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010573 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010573 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046." 
} ], "id": "CVE-2023-29256", "lastModified": "2024-11-21T07:56:45.740", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:50.747", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252046" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010573" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
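IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. Note: the affected-version data shown for this record lists 11.1.x builds (11.1.0.0 to 11.1.4.4) and has no 11.0 entry; check deployed versions against that data as well as this summary.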
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/109026 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158092 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880743 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109026 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158092 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880743 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1.0.0 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.6 | |
ibm | db2 | 10.5.0.0 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.8 | |
ibm | db2 | 10.5.0.9 | |
ibm | db2 | 10.5.0.10 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.1.1 | |
ibm | db2 | 11.1.2.2 | |
ibm | db2 | 11.1.3.3 | |
ibm | db2 | 11.1.4.4 | |
hp | hp-ux | - | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E19D90B2-0B71-498B-8428-B27950E1D2A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB95E38-7A78-4798-B0E2-814DAE1153A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1B95F778-8E2B-4A6D-BA3B-254F87B492BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "62B40593-EA0D-4134-BBA0-35DA70D3C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "177780EE-76F9-41D9-83C9-48C5DFCF8702", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E38BC34-066B-4B4D-929F-4E5C6BCB1442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "23910ECC-960A-44DF-BA8D-C1553D088EAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an 
attacker to decrypt highly sensitive information. IBM X-Force ID: 158092." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.0 usa algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que permitir\u00eda que un atacante descifre informaci\u00f3n muy confidencial. ID de IBM X-Force: 158092." } ], "id": "CVE-2019-4102", "lastModified": "2024-11-21T04:43:10.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } 
] }, "published": "2019-07-01T15:15:12.117", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109026" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880743" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-326" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-06-05 03:43
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/52663 | Vendor Advisory | |
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/53704 | Vendor Advisory | |
PSIRT-CNA@flexerasoftware.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463 | ||
PSIRT-CNA@flexerasoftware.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495 | ||
PSIRT-CNA@flexerasoftware.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496 | ||
PSIRT-CNA@flexerasoftware.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498 | ||
PSIRT-CNA@flexerasoftware.com | http://www-01.ibm.com/support/docview.wss?uid=swg21639194 | Vendor Advisory | |
PSIRT-CNA@flexerasoftware.com | http://www-01.ibm.com/support/docview.wss?uid=swg21639355 | Vendor Advisory | |
PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/60255 | ||
PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/84358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52663 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53704 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21639194 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21639355 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/60255 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/84358 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.8 | |
ibm | db2 | 10.1 | |
ibm | db2_connect | 9.1 | |
ibm | db2_connect | 9.5 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.8 | |
ibm | db2_connect | 10.1 | |
ibm | smart_analytics_system_7600 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BA7EE47-766E-4AA5-BD74-152EDBC1E17F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CDD816C-7070-4118-845E-6205FE130A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "A174260C-45A3-4DE3-8B2C-82416196FFF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": "cpe:2.3:h:ibm:smart_analytics_system_7600:-:*:*:*:*:*:*:*", "matchCriteriaId": "077FE845-5F92-4656-A8E9-A68FD73C9901", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en db2aud en Audit Facility de IBM DB2 y DB2 Connect v9.1, v9.5, v9.7, v9.8 y v10.1, como se utiliza en Smart System Analytics 7600 y otros productos, permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados." } ], "evaluatorComment": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21639355\r\n\r\n\u0027The following IBM DB2 and DB2 Connect V9.1, V9.5, V9.7 and V10.1 editions running on AIX, Linux, HP and Solaris (this vulnerability is not applicable to DB2 on Windows.).\u0027", "id": "CVE-2013-3475", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-06-05T03:43:48.050", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52663" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53704" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/60255" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/60255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" 
} ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-29 20:15
Modified
2025-06-09 18:59
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7235072 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A9058600-75B6-4228-9B77-C6DAF915F158", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "A7C9B6A1-749A-4388-AC61-318F79DB4519", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C7DD6EFE-C2DA-42BC-931C-4C347F49BE72", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "685E5B9C-F82E-4BF5-84D2-709CA5FB7F3A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "41FD572B-97C2-4734-BCE7-2F9D59D38C22", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "21C731C8-8712-4B60-852E-70B5EB61C43A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 \n\nis vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5.0 a 11.5.9 y 12.1.0 a 12.1.1 es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." 
} ], "id": "CVE-2025-2518", "lastModified": "2025-06-09T18:59:23.160", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-29T20:15:26.137", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7235072" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-03 13:16
Modified
2025-01-31 15:02
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://https://exchange.xforce.ibmcloud.com/vulnerabilities/283813 | Broken Link, Third Party Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240517-0004/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7145727 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://https://exchange.xforce.ibmcloud.com/vulnerabilities/283813 | Broken Link, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240517-0004/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7145727 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813." }, { "lang": "es", "value": "El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con una consulta especialmente manipulada bajo ciertas condiciones. ID de IBM X-Force: 283813." } ], "id": "CVE-2024-27254", "lastModified": "2025-01-31T15:02:40.980", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-04-03T13:16:02.220", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Third Party Advisory" ], 
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/283813" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0004/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/283813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145727" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-22 19:15
Modified
2024-11-21 08:26
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/268759 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105501 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/268759 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105501 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | aix | - | |
ibm | linux_on_ibm_z | - | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C382D744-D189-4F7D-B896-52C1B87F8C06", "versionEndExcluding": "11.5.9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759." }, { "lang": "es", "value": "El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegaci\u00f3n de servicio cuando se utiliza un cursor especialmente manipulado. ID de IBM X-Force: 268759." 
} ], "id": "CVE-2023-45193", "lastModified": "2024-11-21T08:26:31.340", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-22T19:15:08.520", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268759" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105501" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-31 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Vendor Advisory | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "IBM DB2 v9.7 anterior a FP2 no realiza correctamente el control de acceso en el monitor de vistas administrativas en el esquema SYSIBMADM, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2010-3197", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-08-31T22:00:02.750", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command." }, { "lang": "es", "value": "El componente Relational Data Services en IBM DB2 v9.5 anterior a FP5, permite a atacantes obtener el argumento \"password\" (contrase\u00f1a) desde la declaraci\u00f3n SET ENCRYPTION PASSWORD a trav\u00e9s de ventores que involucran el comando GET SNAPSHOT FOR DYNAMIC SQL." 
} ], "id": "CVE-2009-4333", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.563", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-09 17:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/210321 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20220114-0002/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6523808 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/210321 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220114-0002/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6523808 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:-:*:*", "matchCriteriaId": "CC97D272-ABEE-4FA3-BE61-67AAD2A8D281", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns 
of existing tasks. IBM X-Force ID: 210321." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00eda permitir a un usuario local conseguir privilegios debido a que permite la modificaci\u00f3n de columnas de tareas existentes. IBM X-Force ID: 210321" } ], "id": "CVE-2021-38926", "lastModified": "2024-11-21T06:18:13.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-09T17:15:07.690", 
"references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210321" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523808" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 00:15
Modified
2024-11-21 08:19
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/263574 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047563 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/263574 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047563 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
opengroup | unix | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469", "versionEndIncluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": 
"7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) es vulnerable a la Denegaci\u00f3n de Servicio con una consulta especialmente manipulada que contiene expresiones de tabla comunes. ID de IBM X-Force: 263574." 
} ], "id": "CVE-2023-40373", "lastModified": "2024-11-21T08:19:19.330", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T00:15:10.970", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047563" } ], "sourceIdentifier": 
"psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-24 19:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/203031 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6466373 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/203031 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6466373 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031." 
}, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, en circunstancias espec\u00edficas de ca\u00edda de una tabla mientras se accede a ella en otra sesi\u00f3n, podr\u00eda permitir a un usuario autenticado causar una denegaci\u00f3n de servicio. IBM X-Force ID: 203031" } ], "id": "CVE-2021-29777", "lastModified": "2024-11-21T06:01:47.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2021-06-24T19:15:08.453", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203031" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466373" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-829" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:59
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016143 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1040967 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142648 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016143 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040967 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142648 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) podr\u00eda permitir que un usuario local desborde un b\u00fafer, lo que puede resultar en un escalado de privilegios al propietario de la instancia DB2. IBM X-Force ID: 142648." } ], "id": "CVE-2018-1544", "lastModified": "2024-11-21T03:59:59.253", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.857", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor 
Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040967" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006061 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100690 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1039301 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128178 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006061 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100690 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039301 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128178 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*", "matchCriteriaId": "2B1F07F2-3F58-4999-97E9-50C627D9CB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F2418D4-8A16-4617-AE27-B2FDD68711C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADC23293-580F-48B7-BB18-C91E254B4885", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "07DD2BBD-1ED1-4FF0-8A5D-AD36B71BF5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "97A09A6A-D7D8-4ADE-850B-1FA98E4FD8DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45EA04C9-3B45-47C2-88C6-4BE578673A08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "10331272-C7E3-4F77-BAB7-C931CDD57699", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "781B87AB-DBCA-495A-B809-648357EF6873", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA8F6CF0-8418-41CB-B3E5-B04CF633DBCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D28D8A2E-ECA5-401E-806B-2385668C90D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7D92905F-5327-4CAA-9ECE-5211FB92BF14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "F9620D61-5F09-44E7-A19F-7E70A7F0D832", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC80416E-982E-496E-BB46-5928FDB8CF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1B2A6C0-93D4-4648-A507-62F075D6AFCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9510BA35-C62A-46CE-A009-F20971EAE9B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE54DD24-2E67-49D9-81EB-88A50ED3FB9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "20186C62-14F0-47FA-BF37-772AEDF64E9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36DD73C3-412C-461A-A1A4-BB760CC3C2D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D91F10-BC9A-4A20-A153-022C9207A1E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A95700FA-C64B-40D9-81C5-39A76961A89F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DF3EF9D-7FD1-46F4-A745-2C3D31B2E12F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "269C7299-D812-462D-9C4D-D36F5665789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F89A2701-5904-4DBD-8AAC-9972611CC92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B42E8C32-272B-4D9D-8479-D15D511FAAE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"8E32FD81-F765-4115-9977-B1913CE13106", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10,1, 10.5 y 11.1 (incluido DB2 Connect Server) podr\u00eda permitir a un usuario local con privilegios de propietario en la instancia DB2 obtener acceso root. IBM X-Force ID: 128178." } ], "id": "CVE-2017-1451", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-12T21:29:00.567", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100690" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039301" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039301" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128178" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The (1) to_char and (2) to_date functions in IBM DB2 8.1 allow local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=110495483501494&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/12733/ | Patch, Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781 | ||
cve@mitre.org | http://www.nextgenss.com/advisories/db205012005G.txt | ||
cve@mitre.org | http://www.securityfocus.com/bid/11400 | Patch | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17614 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110495483501494&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12733/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nextgenss.com/advisories/db205012005G.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11400 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17614 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8190EC6B-BA0D-498D-8ECB-2E37D8742A29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference." } ], "id": "CVE-2005-4869", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110495483501494\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12733/" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781" }, { "source": "cve@mitre.org", "url": "http://www.nextgenss.com/advisories/db205012005G.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11400" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110495483501494\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12733/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nextgenss.com/advisories/db205012005G.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17614" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-02 11:30
Modified
2025-04-09 00:30
Severity ?
Summary
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/36890 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/37454 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1023242 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21386689 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21403619 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3340 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36890 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37454 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023242 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21386689 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21403619 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3340 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 | |
ibm | db2_universal_database | 8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:*:*:*:*:*:*:*", "matchCriteriaId": "3BB95F92-EA60-4301-99AD-AC8DA2491086", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp1:aix:*:*:*:*:*", "matchCriteriaId": "E9D53A45-A270-47A6-8E52-4EFD20B60454", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp1:hp_ux:*:*:*:*:*", "matchCriteriaId": "1DC0FD0B-BB91-4881-8BEF-2FF5DEE799FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp1:linux:*:*:*:*:*", "matchCriteriaId": "C4D89C55-70BA-4DEB-A3CB-93F1F01BBB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp10:aix:*:*:*:*:*", "matchCriteriaId": "F805BA54-A413-46EC-A1C0-EEE5A8FB3C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp10:hp_ux:*:*:*:*:*", "matchCriteriaId": "DAA10457-D52B-4AE5-8635-E072B5E25662", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp10:linux:*:*:*:*:*", "matchCriteriaId": "F9EF7B04-D200-4648-AD26-D78BD8B032FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp10:solaris:*:*:*:*:*", "matchCriteriaId": "EB3DA89D-B79A-4B02-A287-C505D1FE8004", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp11:aix:*:*:*:*:*", "matchCriteriaId": "D52430A4-018F-4342-A1F5-4093CBBCFFED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp11:hp_ux:*:*:*:*:*", "matchCriteriaId": "7A1C82E1-F8EF-40CD-ACDD-081FFC268FBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp11:linux:*:*:*:*:*", "matchCriteriaId": "C1B22E99-C013-49B3-BE3E-DB9DB685CA03", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_universal_database:8:fp11:solaris:*:*:*:*:*", "matchCriteriaId": "9173E3FB-1DA9-4DD8-A08F-8A730BEB27B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp12:aix:*:*:*:*:*", "matchCriteriaId": "58D0932B-A52A-48BB-ADFB-AEB17FCF69E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp12:hp_ux:*:*:*:*:*", "matchCriteriaId": "F63AA153-396F-43AC-8CB0-8E27F119FF5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp12:linux:*:*:*:*:*", "matchCriteriaId": "7C132382-0C33-4E9B-878B-2C626D34DB10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp12:solaris:*:*:*:*:*", "matchCriteriaId": "C1C093DF-FCD2-47FC-8C8E-1468A5FA06B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp13:aix:*:*:*:*:*", "matchCriteriaId": "27E209D3-741C-4BD6-AE5A-A52C0C0EAEA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp13:hp_ux:*:*:*:*:*", "matchCriteriaId": "AA4A6254-B6BB-42DB-9E2F-7AA960AD8C41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp13:linux:*:*:*:*:*", "matchCriteriaId": "BEBC3282-413E-4A0C-BDEA-B5671BF51F71", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp13:solaris:*:*:*:*:*", "matchCriteriaId": "45802AC3-78BB-4190-AB93-B67F586B94C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp14:aix:*:*:*:*:*", "matchCriteriaId": "99270F25-D30F-4120-9FA2-35C39CEEC8B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp14:hp_ux:*:*:*:*:*", "matchCriteriaId": "BDD49D30-7ACF-4A33-B92D-C66BE9929BE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp14:linux:*:*:*:*:*", "matchCriteriaId": "3664CEE2-0449-452B-A934-170F0349A57C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp14:solaris:*:*:*:*:*", "matchCriteriaId": 
"4A9A7663-3322-45A9-A5D8-E0970336F68D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp15:aix:*:*:*:*:*", "matchCriteriaId": "D6B6EAB4-5A66-4BEB-B38B-DA0124DD6F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp15:hp_ux:*:*:*:*:*", "matchCriteriaId": "9BC307F3-A9A0-4C48-8983-64B1B237AAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp15:linux:*:*:*:*:*", "matchCriteriaId": "44C9C5AF-26E2-4C0F-9816-0CF3EE02A838", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp15:solaris:*:*:*:*:*", "matchCriteriaId": "68018945-8F40-436E-9981-4C3B62EAD28E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp16:aix:*:*:*:*:*", "matchCriteriaId": "09E620E2-55BF-480C-9698-113505F90BFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp16:hp_ux:*:*:*:*:*", "matchCriteriaId": "B74F7B8A-0E7C-4190-AF4E-2389F18997E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp16:linux:*:*:*:*:*", "matchCriteriaId": "9263F04B-FF63-4DF7-8C77-C6CE7B67BFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp16:solaris:*:*:*:*:*", "matchCriteriaId": "F88DCFD5-CB47-49C9-99CD-8D46827A02B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp2:aix:*:*:*:*:*", "matchCriteriaId": "A24425DA-1FAC-43BC-86F3-1E561277AF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp2:hp_ux:*:*:*:*:*", "matchCriteriaId": "23BB5DCC-CC6E-4118-B0D4-DEE6EA54D05A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp2:linux:*:*:*:*:*", "matchCriteriaId": "E6097C8C-41B1-4CC8-AAD3-3731D103093B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp2:solaris:*:*:*:*:*", "matchCriteriaId": "1DF33116-6CB4-48B2-BF23-632F185EB7CB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_universal_database:8:fp3:aix:*:*:*:*:*", "matchCriteriaId": "6A3A0A74-100A-4B37-8D45-3F59FE403D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp3:hp_ux:*:*:*:*:*", "matchCriteriaId": "741D3457-DA96-4AF1-A036-7FAF640C8D27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp3:linux:*:*:*:*:*", "matchCriteriaId": "D55F0E1F-2905-4ABC-9A9B-FF62299F679D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp3:solaris:*:*:*:*:*", "matchCriteriaId": "12EB2606-33BE-4253-94B7-43E76F0BB430", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp4:aix:*:*:*:*:*", "matchCriteriaId": "55E1A553-1786-489D-9BE2-60D7348FD8F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp4:hp_ux:*:*:*:*:*", "matchCriteriaId": "E8C502A3-56DA-4104-BCAC-3E5D454D49F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp4:linux:*:*:*:*:*", "matchCriteriaId": "F98FA787-A7E7-45BA-A3DC-F25C2FC74A10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp4:solaris:*:*:*:*:*", "matchCriteriaId": "2C8DA7D4-0375-412A-9DDF-E31D6D1CD5C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp4a:aix:*:*:*:*:*", "matchCriteriaId": "58F68270-C74E-415E-A8C1-3FE5940B8DD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp4a:hp_ux:*:*:*:*:*", "matchCriteriaId": "F677E182-A145-42D0-8580-8467279938CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp4a:linux:*:*:*:*:*", "matchCriteriaId": "D02E2CF9-CE08-4B0B-ADD5-1A9AE7DE8B62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp4a:solaris:*:*:*:*:*", "matchCriteriaId": "AB99106D-14C9-4E95-92BA-0DDF1EF48B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp5:aix:*:*:*:*:*", "matchCriteriaId": 
"36A0742E-E958-4328-B9A8-2D4BA883926F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp5:hp_ux:*:*:*:*:*", "matchCriteriaId": "13FE19E6-67FD-450F-9129-8DCF4707C0BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp5:linux:*:*:*:*:*", "matchCriteriaId": "8A8E27E2-4470-40B6-BE35-3B96D375D891", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp5:solaris:*:*:*:*:*", "matchCriteriaId": "045B87AF-476D-4A13-88E4-C0ADF8F1374D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6:aix:*:*:*:*:*", "matchCriteriaId": "16E17C4B-C233-4C27-90DF-34802571EFBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6:hp_ux:*:*:*:*:*", "matchCriteriaId": "B2C32CFE-2C37-44B4-B05F-B4B41ADEEB17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6:linux:*:*:*:*:*", "matchCriteriaId": "A32039C1-C940-4ACC-8236-6C48286CD8EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6:solaris:*:*:*:*:*", "matchCriteriaId": "9E792924-8741-42EA-B091-521A8D806393", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6a:aix:*:*:*:*:*", "matchCriteriaId": "1BCDD273-AA59-427A-A13C-21D2D18862C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6a:hp_ux:*:*:*:*:*", "matchCriteriaId": "63FB9C7D-72AB-40B8-B9A0-107707AB970D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6a:linux:*:*:*:*:*", "matchCriteriaId": "BFDEB3C4-261D-4A44-898F-0972C4E0BADD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6a:solaris:*:*:*:*:*", "matchCriteriaId": "711D578D-53FA-4FE3-87D4-49E8A6B27645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6b:aix:*:*:*:*:*", "matchCriteriaId": "8AC7F72B-8BC0-4186-9EA7-B1B4CF4DE029", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_universal_database:8:fp6b:hp_ux:*:*:*:*:*", "matchCriteriaId": "492DF384-0687-409F-A416-D545E3CA4B1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6b:linux:*:*:*:*:*", "matchCriteriaId": "A1ACA5ED-C596-48A4-A60F-AF29457D8E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6b:solaris:*:*:*:*:*", "matchCriteriaId": "17C07869-F96F-409A-A5A8-DAEF37513442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6c:aix:*:*:*:*:*", "matchCriteriaId": "0A7DFEC9-AF38-457A-A4E6-77EFFDEC6E8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6c:hp_ux:*:*:*:*:*", "matchCriteriaId": "BEF40CF8-4858-4AD2-9136-B9E7742609E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6c:linux:*:*:*:*:*", "matchCriteriaId": "02AEA3AF-76F2-479E-97FF-259228157219", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp6c:solaris:*:*:*:*:*", "matchCriteriaId": "D9C4CF66-D4BA-4C00-8891-BEEB0DD665A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7:aix:*:*:*:*:*", "matchCriteriaId": "28589727-AE9E-4181-8B41-46192B593E98", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7:hp_ux:*:*:*:*:*", "matchCriteriaId": "F458C66B-ACE1-4315-A8CC-4CEFAD41028D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7:linux:*:*:*:*:*", "matchCriteriaId": "83642434-B93C-450B-99EA-270008B4E37D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7:solaris:*:*:*:*:*", "matchCriteriaId": "F2AD8AC6-239A-4CFE-9D9E-8A841A867725", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7a:aix:*:*:*:*:*", "matchCriteriaId": "5187C464-0B04-4D29-8700-F4D9359F0564", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7a:hp_ux:*:*:*:*:*", "matchCriteriaId": 
"9A1A163A-AA78-48E1-9C86-C8A1A1A29929", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7a:linux:*:*:*:*:*", "matchCriteriaId": "20AC001E-4C76-42CB-A8BC-790BD0C39F98", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7a:solaris:*:*:*:*:*", "matchCriteriaId": "4B4F776B-5914-4BDE-9C2F-84E3795FA788", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7b:aix:*:*:*:*:*", "matchCriteriaId": "11D13957-FDE1-4B00-8753-BA94C0DAA249", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7b:hp_ux:*:*:*:*:*", "matchCriteriaId": "C18FB58D-6EC6-4CDD-912B-18A17F7E957B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7b:linux:*:*:*:*:*", "matchCriteriaId": "2045E0EA-B405-4BF0-A817-34E79317F46F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp7b:solaris:*:*:*:*:*", "matchCriteriaId": "4541F041-F2F4-4491-BDBE-4215A75E832C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp8:aix:*:*:*:*:*", "matchCriteriaId": "2F7D3287-9D4C-4AA7-8232-3543369397CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp8:hp_ux:*:*:*:*:*", "matchCriteriaId": "BA5B0AA2-E067-4FFF-ADE1-145D8A1C1B9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp8:linux:*:*:*:*:*", "matchCriteriaId": "0C35EA9D-DEFE-4B81-B5C9-51103273F661", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp8:solaris:*:*:*:*:*", "matchCriteriaId": "C92BCF46-BEBF-433C-A095-44E6F7A16E3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp8a:aix:*:*:*:*:*", "matchCriteriaId": "308D7247-F21E-4199-BA14-FE318637F3C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp8a:hp_ux:*:*:*:*:*", "matchCriteriaId": "84E99600-0016-4FD9-BFC9-D2CD913012BB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_universal_database:8:fp8a:linux:*:*:*:*:*", "matchCriteriaId": "0CBA4D6B-4C07-4780-8760-00F82D0016E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp8a:solaris:*:*:*:*:*", "matchCriteriaId": "332C4CED-4E32-48C6-BF91-43409E0C7D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp9:aix:*:*:*:*:*", "matchCriteriaId": "1F5AD43F-1D06-447F-8B66-89207DE3AECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp9:hp_ux:*:*:*:*:*", "matchCriteriaId": "CEC1C774-2AD9-4EBA-AB11-70135F20D006", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp9:linux:*:*:*:*:*", "matchCriteriaId": "5CE1E38B-FEA7-45CE-A50E-A4670AB925EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp9:solaris:*:*:*:*:*", "matchCriteriaId": "BDC3F77B-9C7C-4D56-B575-FFFF0AD51E3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp9a:aix:*:*:*:*:*", "matchCriteriaId": "F9D03647-B68E-4950-A718-7E83135A8BE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp9a:hp_ux:*:*:*:*:*", "matchCriteriaId": "27F207B6-B5E8-4972-B315-106F4903B8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp9a:linux:*:*:*:*:*", "matchCriteriaId": "C934F5CD-7E30-497E-9DD8-BB92646B81E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_universal_database:8:fp9a:solaris:*:*:*:*:*", "matchCriteriaId": "43D68C54-E197-43AD-94CF-AA2CF1B2D76C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors." 
}, { "lang": "es", "value": "dasauto en IBM DB2 v8 anterior a FP18, v9.1 anterior a FP8, v9.5 anterior a FP4, y v9.7 anterior a FP1, permite la ejecuci\u00f3n a trav\u00e9s de cuentas de usuario sin privilegios, lo que tiene un impacto y vectores de ataque no especificados." } ], "id": "CVE-2009-4150", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-02T11:30:00.627", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36890" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37454" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023242" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3340" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-03 20:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.9, vector AV:N/AC:M/Au:S/C:N/I:P/A:P; source nvd@nist.gov)
Summary
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/44229 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119 | ||
cve@mitre.org | http://www.securityfocus.com/bid/47525 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2011/1083 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/66979 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44229 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47525 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1083 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66979 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp6a:*:*:*:*:*:*", "matchCriteriaId": "C8517013-E26A-43D1-B3E7-3A9905B5BD98", "versionEndIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp3:*:*:*:*:*:*", "matchCriteriaId": "E4312D00-16F8-42CA-AB58-82F66781910F", "versionEndIncluding": "9.7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no fuerzan correctamente los requisitos de privilegios para acceder a la tabla, permitiendo a usuarios remotos autenticados modificar las columnas de estad\u00edsticas SYSSTAT.TABLES a trav\u00e9s de una instrucci\u00f3n UPDATE. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros." 
} ], "id": "CVE-2011-1847", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-03T20:55:12.510", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44229" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71413" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC72119" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47525" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66979" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC71413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC72119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-01 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010 | Permissions Required | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011 | Permissions Required | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012 | Permissions Required | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21990061 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/93012 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1036837 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21990061 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93012 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036837 |
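Impacted products
Rows that look identical are separate CPE entries in the configuration JSON below: for the db2 entries, each version is listed once per edition (unspecified, advanced_enterprise, advanced_workgroup, enterprise, express, workgroup), a field this table does not show. The hp-ux, aix and linux_kernel rows appear to be the platforms named in the summary rather than separately affected products, so match assets against the full CPE criteria rather than this table.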
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 11.1.0.0 | |
ibm | db2_connect | 11.1.0.0 | |
ibm | db2_connect | 11.1.0.0 | |
hp | hp-ux | * | |
ibm | aix | * | |
linux | linux_kernel | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "178CD2CC-B0D6-4F9B-A831-A2ACCB7A84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "21A98521-C943-4161-A363-B7B95BDA9834", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C214C846-04C9-4F22-A7D3-0198D9DC7F72", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "D6A59399-CBAB-47F2-A10B-30AAD4CBB155", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "F7517329-D20E-47F1-95F1-77B8F5675D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "72FA0609-7995-4424-A8C9-B804300D54DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "BE75DDE9-58B4-4851-A1B2-65CB8E877C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8ADE94C4-769A-4AAE-A5FB-55575016D51A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "63999EAB-82B3-4617-B81D-57B1230CC8D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:workgroup:*:*:*", "matchCriteriaId": "F97D1D66-0CC4-4CB4-AEEC-1A89825430B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "654ADB90-BD74-4D48-AACA-6A5872188489", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "CB725265-78B3-46C2-8440-D0774E1546E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "1E62C8AD-00D0-4D01-89A2-5C167EFA01BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:express:*:*:*", "matchCriteriaId": "286FE494-777D-4833-8155-73EBFE5FE9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:workgroup:*:*:*", "matchCriteriaId": "75A10653-BDF2-400F-9BE6-D97D206FA05B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "969490BD-E0E7-4084-B7DE-4E1F8A577A3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:advanced_workgroup:*:*:*", 
"matchCriteriaId": "AA58137A-A4CA-4599-89A7-7ECFFEC6FD21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "73419A77-34EC-405D-A0DD-F74038A9AA55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:express:*:*:*", "matchCriteriaId": "E7AFFD68-912E-4EC3-8BD3-AFB0FF2ED35B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:workgroup:*:*:*", "matchCriteriaId": "53AF9275-862F-4B16-B396-644A4274F59C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "15800A2B-0F00-41A6-984F-B240A8808EB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "A3CF9276-2F50-4276-9599-4C1FACDD5FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2F894A3D-A9A5-4031-B06A-967659941B4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:express:*:*:*", "matchCriteriaId": "C86BD01F-EDC8-4DF8-B9ED-5FBB73CFF207", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "15BBE131-F21A-4B7F-B9B7-364EF4030881", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A390F0B7-D555-4C97-B15B-AC6A43787E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F90DFB7F-6814-4B10-B7C7-E237464D3D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4F5EAB4D-E6C3-4D39-AD82-DEFBB53919EB", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:express:*:*:*", "matchCriteriaId": "48334AA6-4F27-4E4B-A18A-264654225886", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:workgroup:*:*:*", "matchCriteriaId": "62F74620-7648-4EC9-8677-E9454B8EAB17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "F120F1BA-E1CA-4334-B9D4-E8AD3DAFC713", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "7AA3EE6C-8312-403B-84E6-DBD7510DBE3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2074CA1A-BB2A-4F60-8547-0A39BEDD09F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:express:*:*:*", "matchCriteriaId": "72EB4294-534E-4AE1-8F29-E0D135E1E7F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "D5AF5C44-3736-4FA0-BA19-2845F57BB043", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "7FBF2CE1-BF7E-4635-A4C2-B8F5F2338161", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "296B7182-3453-47D1-B54A-C2D1336424B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AABD6673-F7A6-486A-A83E-89F0172311ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:express:*:*:*", "matchCriteriaId": "5A1D1E23-2979-4188-B12D-66CF0F681354", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": 
"9B31EAB3-D885-452A-93B2-22A3F94FEB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "BE50990D-E66E-4A19-88D8-7B5CB5CA4A08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD0EE0C0-B089-4A2A-8438-3F31BA1CCB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E76E023D-7784-4B6C-BD01-534CAF5593D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:express:*:*:*", "matchCriteriaId": "22406FC8-D248-4F29-9ACC-C5F759EC6FC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:workgroup:*:*:*", "matchCriteriaId": "5640DC5A-2C5E-4B17-95D9-5FBCF73A5C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "31215FF9-5DEC-4B2B-86C3-1ADE658F6B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B39D6D16-6B10-4C87-BFA4-981ABD4DFD88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C8640FCE-EA72-43BD-939A-AF48E1B534C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:express:*:*:*", "matchCriteriaId": "F926754F-71A8-4570-B5F7-38C7F1F9C464", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:workgroup:*:*:*", "matchCriteriaId": "4E028577-7C4C-4091-81F4-7872CC6F2E5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "5A3E5BD5-6C94-4128-BA0B-1F434E185746", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "D608FE25-68DB-4436-9C30-14B2D509F7D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7647800B-5603-42A4-8CBC-6A0BA228F1D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:express:*:*:*", "matchCriteriaId": "95C63204-F838-4CE4-B98C-21461E8028D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:workgroup:*:*:*", "matchCriteriaId": "938864B9-44D0-47E6-9961-9C4474AC6643", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "D3396279-1384-42C7-AE23-9C22027BF849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": 
"2B41AD1A-4EC2-4FB9-BE50-07F4EA8DB52A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "08B19729-1FF1-4253-9C76-707357FC3085", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "84283835-03F9-496B-B22F-C201BB53F9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "221885F3-AD20-46B4-983F-51349493B259", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "92E3C74F-6764-4D96-B5BC-2395B95F8A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "2811974B-5CBD-4A14-8309-6FAC942B36EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "957BCDB3-D975-451D-8EB8-B06BFDF22AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "2F46AA23-B030-4752-9B23-0B84A9A9D849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:workgroup:*:*:*", "matchCriteriaId": "EB7647F0-40F1-4861-8F5A-7A60D0406171", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "B7B3A7E6-72C8-48AF-85D7-2D8B47545E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "9385C154-3FE2-4C9B-ABB2-E0AC9D32F410", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8B05B2E7-77DB-4C2A-8FB0-81AE7424573E", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:express:*:*:*", "matchCriteriaId": "66361477-AF76-4C7B-A400-473448F48C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:workgroup:*:*:*", "matchCriteriaId": "C5F04C50-77EB-4D29-B17A-B6962BB71A95", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "DE8DB42E-633E-483A-84F0-404900E9CEA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "70CA5418-9B60-4972-B38E-12560C3ADFA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "71990C6B-6942-4319-90A2-19F5ED136B14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:express:*:*:*", "matchCriteriaId": "CF3CB891-AE62-4E0E-926A-7355554E022E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:workgroup:*:*:*", "matchCriteriaId": "57513E4A-AC67-4DC3-8FAD-309BBEF64360", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "B3F57784-9A43-4B4B-8910-C8509CF92EBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "DE19053A-9DE6-40AA-BFAA-CE98AB1360F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "456DF2B9-1107-4F4B-BF8E-2CCCAC5CFCC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:express:*:*:*", "matchCriteriaId": "73776FA2-6E94-49FF-AE08-6A4767C1DC30", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:workgroup:*:*:*", 
"matchCriteriaId": "B60627D6-FBB6-492A-B7FF-2733EA1E8F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "C66D33C1-8FB6-4840-8797-A0A8822BA657", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B271D557-5CDE-4B23-AEC3-BEAFA0DD8020", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "61CB1EB7-4012-491F-AE13-EDAE4B3F564D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "DCAB0313-EC4D-41BB-AE87-27DADC448DD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "2C8493DA-57EB-44C8-A47F-519B5A716CD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "C59A77F7-10AD-4149-BCAB-44E0C3BD0477", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "53158B7F-3D69-4ED0-AFA8-053AE0DD36C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D9F12837-B444-43D8-BE8B-6723C079D148", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "ACDBAE00-B031-4C48-8CD5-B1EAEAC6371A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:workgroup:*:*:*", "matchCriteriaId": "05C71242-D201-49CF-A091-A2400BAB7F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2D4622F5-4384-4B62-84E6-AFB01B26717C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E59FE93E-A983-4F55-8C40-DC0F88372185", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3BD40599-8F50-4882-AB1F-C6E4BA7E787D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:express:*:*:*", "matchCriteriaId": "F04F901A-A846-4E45-8F48-C4D5F86CDFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:workgroup:*:*:*", "matchCriteriaId": "9D0D0938-DD1F-46F3-BF06-72C6BA85195C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "D10F4882-F09F-449E-BB46-8532FC7E667F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "32618EBA-B913-4DA9-801D-24ED735D50A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4C1C6574-18E1-4FBC-B78D-788910659710", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:express:*:*:*", "matchCriteriaId": "6A03EEE1-E6F3-44B1-B2F4-B1C48F155BD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:workgroup:*:*:*", "matchCriteriaId": "8A5BB979-A1A2-4C1B-879E-8EB96026C7CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "9B6725E8-476E-41DA-AC46-B898467FE553", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "9AF7330E-EAA4-4063-879D-9DC5B7505EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "73EF53E9-B6C9-4A8F-8EE9-4D190DA686BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:express:*:*:*", "matchCriteriaId": "F98A9F67-78B0-40E5-8CAF-37B6B2AA6F03", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "D7AF250F-8D36-4596-9754-2718EFBA5B39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "6D38B577-3919-4E91-9EBC-A5E247AAED2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "36831245-948F-443F-A231-F4451154E96B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:enterprise:*:*:*", 
"matchCriteriaId": "89037FB6-8E7D-4E4E-957B-39AC7A7E7693", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:express:*:*:*", "matchCriteriaId": "382FE250-BD14-4051-9666-4CDDBDF4D6DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:workgroup:*:*:*", "matchCriteriaId": "376217A0-1D6C-4279-9528-D738920A127F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "88B4D2AF-6831-4B8B-B093-1ECF8A0BABBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F64EC511-E8E4-459F-99F2-8B0167B3DC7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A0D8A2E7-E382-4E9B-A409-0C27C3F6819C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:express:*:*:*", "matchCriteriaId": "B254202B-1A6C-4506-BE7F-2B746DF1EFA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "E7BF68DD-442D-4AA9-9139-A2A0FF903FFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "C73FFACA-DFDF-4B02-A6DD-E08A5136828C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "69923E2A-8CB3-48CA-A174-41A02EEC5489", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "29C6AA03-EE59-4081-B8EC-5A40A431350E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "4B3F727A-4103-4BF6-8769-CFA3B243E578", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1839AE37-C445-4E28-AAD9-3CDDF8AED4EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:application_server:*:*:*", "matchCriteriaId": "3F75FF9A-AAAE-4EFA-B698-230B5CCD0940", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4D38B30C-4CC3-43C9-9360-0A79C36A222F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:unlimited:*:*:*", "matchCriteriaId": "3599AC98-ACD3-4A09-9764-080A6B8F56A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "C7D25C1C-3560-48B9-A7E1-1E268BDE5A9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2E22AE16-1F17-4F1D-8C00-949729FA3A95", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "B26A6BF8-F321-4EC3-8EE9-1396C0513B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:application_server:*:*:*", "matchCriteriaId": "927E9A8F-82B4-4D3B-B800-F1A11A90046E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AFD159D3-2FE5-4815-8365-53CC36204B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:unlimited:*:*:*", "matchCriteriaId": "524EC7BA-7470-4D09-8796-CAF9D5A85DCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:application_server:*:*:*", "matchCriteriaId": "D044ABF8-2F9A-4505-9BB7-776A90D647C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AB7D388A-456A-490A-9D4B-4AE2BCC871C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:unlimited:*:*:*", "matchCriteriaId": 
"A841C615-D049-44CA-BB0E-BCC526535227", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:application_server:*:*:*", "matchCriteriaId": "D5BE71A5-6298-4E05-859E-153C47C3B032", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D8FC0956-2B4D-43E0-ABD7-23915DCA8E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:unlimited:*:*:*", "matchCriteriaId": "5528F9F8-80D2-4AA8-B151-FABEABCFFC83", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "113F8614-32BE-4A9E-B770-BE768947C13A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77B720B6-E253-4FEE-A9EE-CE4C455FBEBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "2A73D3F8-803E-4E75-9E01-8F004C50190B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:application_server:*:*:*", "matchCriteriaId": "0592E180-F4DC-424F-93A4-4B0C6350C6F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DCAE5624-B81B-4253-A416-D2111B10F29F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:unlimited:*:*:*", "matchCriteriaId": "C662B9B9-D210-484A-9D43-A30585052F31", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:application_server:*:*:*", "matchCriteriaId": "7172F912-E08B-4102-B38D-A3B1671DED62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B219F088-3C1D-4468-9990-35D48E3C1092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:unlimited:*:*:*", "matchCriteriaId": "FFA270A6-81CD-4D24-B37F-9BE7AD4AC258", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:application_server:*:*:*", "matchCriteriaId": "7DE842AD-EECE-4CF4-886C-91AF654C7492", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6766C050-5775-4C58-BC77-C9B6A8EDF3E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:unlimited:*:*:*", "matchCriteriaId": "AD9377C9-3F5C-4F9A-92FF-18F3E4312CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:application_server:*:*:*", "matchCriteriaId": "5E4899B5-2326-4A30-BE94-E66272B14FCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E9EBF086-C6C9-4386-9645-3E97A61ADC8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:unlimited:*:*:*", "matchCriteriaId": "DD7C0F7C-7682-49FF-AAA5-C6D59D00214D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:application_server:*:*:*", "matchCriteriaId": "DF7307CA-59F9-41F9-B7B6-C5EAC6F01883", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CAFE61E6-92A6-4409-937A-A3620579EFDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:unlimited:*:*:*", "matchCriteriaId": "819EB03B-445B-42A5-96D7-56E1D5D21088", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:application_server:*:*:*", "matchCriteriaId": "32C4BA27-E82C-4453-BC80-22A74568B229", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "79FEC79B-F178-4D66-97BF-9E6909DB5F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:unlimited:*:*:*", "matchCriteriaId": "AB2DA26B-B0DD-4995-86BD-2BC455888415", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:application_server:*:*:*", "matchCriteriaId": 
"44010A01-4E33-4A6D-83DE-6235AEEE90F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F40068BF-82CC-43D5-99BC-1228337995FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "97626150-FED1-49F7-9CA5-4A5C61A5544C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "C679EB6F-C5C7-4206-B6D4-931D47D99FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C2CB92C8-26B8-4CBE-9B1A-2E32BF22AFAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "84266CFB-28C7-4CA6-9019-F5E76BE4B334", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:application_server:*:*:*", "matchCriteriaId": "3A07AC99-0665-4CF4-A5D3-BDAC0031F4C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AD9FB45B-35E8-43B8-B64B-E36EA9B8614E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:unlimited:*:*:*", "matchCriteriaId": "DF0FDD49-560E-4413-9577-4258A205E24F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:application_server:*:*:*", "matchCriteriaId": "573E9E55-9192-4DAD-808C-40383043E69E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ED4D2143-BE03-43ED-ADBE-2FE007774356", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:unlimited:*:*:*", "matchCriteriaId": "F7D6A273-8D1A-4D5B-A48C-AEF57CB9EB50", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:application_server:*:*:*", "matchCriteriaId": "6CF6EBC2-4172-4916-A31B-BDE3257C057B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "115908C3-8273-482A-BA95-60E7A9309E54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:unlimited:*:*:*", "matchCriteriaId": "F3D6B5E7-63F0-4A6E-992D-05D4A3A4E189", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "78CF81B1-08BA-4216-9FB1-B5430F0474BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "73C671CA-712E-485B-97DD-FA6246FAA61F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "FC5837DD-D508-4695-ADF8-2AAE0D853CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "C22B49A3-FE14-4677-A141-935AE852E459", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "278FEDCA-CDE6-4EB6-BCD8-B4B0507DC9A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "B0106414-9BB7-4189-B30E-E5D2B92DCD12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:application_server:*:*:*", "matchCriteriaId": "057148B7-7877-406B-BCCA-4F73EB763E57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FCE19A5D-FD98-4894-9E3F-402201183C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:unlimited:*:*:*", "matchCriteriaId": "657F1C1B-7C19-499A-9E83-5C02E6CCBBF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:application_server:*:*:*", "matchCriteriaId": "87F1950D-DA81-4FE9-92A7-FFA4C848712C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": 
"D88F6FBC-E7EC-4DCD-83C2-B97796A8FABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:unlimited:*:*:*", "matchCriteriaId": "7C1FDAEF-9898-45BF-B6F8-3B11643E3E21", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:application_server:*:*:*", "matchCriteriaId": "BB04D50F-A3D4-450B-9B54-B01EF5262875", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2BFBADE9-6B3A-4E57-B5C7-CB1F64A2A117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:unlimited:*:*:*", "matchCriteriaId": "DBF9677A-C9A3-4E7B-9F6C-D5B25D3199E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:application_server:*:*:*", "matchCriteriaId": "8E9DC60B-AD0B-411E-8C45-FC13BAE808E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "BE06C451-7ACE-4C51-97D3-0706670289A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:unlimited:*:*:*", "matchCriteriaId": "A485805A-CAD3-4413-9884-B5FDA2335EE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:application_server:*:*:*", "matchCriteriaId": "813AE8F1-4CBC-48C1-BD8A-E34B504FCCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A7F6A685-02F4-4588-9E93-F5B3786C3798", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:unlimited:*:*:*", "matchCriteriaId": "D9F2DA09-A6AB-4E8E-8DD2-944F3C212C77", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:application_server:*:*:*", "matchCriteriaId": "8E6366D7-1F03-458D-A85B-F58A7C42EA22", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FACC7C87-6BB7-4538-B6FC-0B751D674855", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:unlimited:*:*:*", "matchCriteriaId": "4EA683DC-1241-4B82-BEAC-E5A1DA37CEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:application_server:*:*:*", "matchCriteriaId": "DC1FDA00-1A3E-4520-ABBA-F9A28CF1D5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C6B3BA4F-A16F-466E-890D-342A11A4D91A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:unlimited:*:*:*", "matchCriteriaId": "4B778C91-03D0-4A20-9D68-A2F52D9A3302", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:application_server:*:*:*", "matchCriteriaId": "38EB6F60-D89E-4594-A323-3F9A7751E2D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A60F310-FB14-4B46-8ECE-310B6690FD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:unlimited:*:*:*", "matchCriteriaId": "E80151B7-9F69-428F-9689-78FF8F24BF61", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program." 
}, { "lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en IBM DB2 9.7 hasta la versi\u00f3n FP11, 10.1 hasta la versi\u00f3n FP5, 10.5 en versiones anteriores a FP8 y 11.1 GA en Linux, AIX y HP-UX permite a usuarios locales obtener privilegios a trav\u00e9s de una librer\u00eda troyanizada a la que se accede mediante un programa setuid o setgid." } ], "id": "CVE-2016-5995", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-01T01:59:08.537", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921" }, { "source": "psirt@us.ibm.com", "tags": [ "Permissions Required" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010" }, { "source": "psirt@us.ibm.com", "tags": [ "Permissions Required" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Permissions Required" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990061" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/93012" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1036837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036837" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 19:15
Modified
2025-08-07 00:28
Severity
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240953 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "385D4613-C252-4075-8485-55B8E32DC970", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "9DD542DB-0839-4057-8551-55154788182A", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D9ED6DEF-712F-4BB0-8676-D5DB6A269EBF", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3B5A9A8A-5EE6-428A-8B3D-543B2F84D615", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "5971CCFD-FB34-4216-8A87-A4310EF34F23", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "960AA97F-0D2C-4B33-9754-69BC28399BCE", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": 
"5D256132-BDD1-4EE8-95CE-D8F6F1A34085", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "7C549B0C-9BA1-4287-8734-62B6E76D2C5E", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B546C523-9A9C-4555-8A2E-2E7D1676F695", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5.0.0 a 10.5.0.11, 11.1.0 a 11.1.4.7, 11.5.0 a 11.5.9 y 12.1.0 a 12.1.2 es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." 
} ], "id": "CVE-2024-52894", "lastModified": "2025-08-07T00:28:38.390", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T19:15:44.670", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240953" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 21:15
Modified
2024-11-21 08:01
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/253440 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047560 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/253440 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047560 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
opengroup | unix | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": 
"5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la Denegaci\u00f3n de Servicio con una consulta especialmente manipulada en determinadas bases de datos. ID de IBM X-Force: 253440." 
} ], "id": "CVE-2023-30987", "lastModified": "2024-11-21T08:01:11.403", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T21:15:10.627", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047560" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-26 13:15
Modified
2024-11-21 07:56
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution, as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/252011 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985691 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/252011 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985691 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011." 
} ], "id": "CVE-2023-29257", "lastModified": "2024-11-21T07:56:45.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-26T13:15:08.853", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252011" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985691" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-12 01:00
Modified
2025-04-09 00:30
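Severity ?
9.0 (High) - CVSS v2.0 AV:N/AC:L/Au:S/C:C/I:C/A:C (NVD primary score; the record below carries only a cvssMetricV2 entry, no CVSS v3 metric)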
Summary
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Vendor Advisory | |
cve@mitre.org | http://osvdb.org/41795 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/28771 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/29022 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/29784 | Third Party Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/491075/100/0/threaded | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0401 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/41795 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28771 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29022 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29784 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/491075/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0401 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*", "matchCriteriaId": "55ABF9A3-7776-4C0B-A6CC-45955E42DA1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp10:*:*:*:*:*:*", "matchCriteriaId": "68B64CBF-7A11-4AA9-8C44-77E891DD2446", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp11:*:*:*:*:*:*", "matchCriteriaId": "9AEB3163-D0D0-4E43-AF64-479D4AEE90C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp12:*:*:*:*:*:*", "matchCriteriaId": "0E3BC415-D3D2-48FC-9B6A-34596A371ACF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp13:*:*:*:*:*:*", "matchCriteriaId": "BA84C4CF-D486-4D21-A909-C311BF70CE14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp14:*:*:*:*:*:*", "matchCriteriaId": "4BC02E85-73EC-408B-A31E-F2DDFEA8EF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp15:*:*:*:*:*:*", "matchCriteriaId": "B7CB2C4F-A038-461E-9FAB-FA4186F83817", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp16:*:*:*:*:*:*", "matchCriteriaId": "6DA81141-A4CF-42AD-AFE4-6336AF77ED9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*", "matchCriteriaId": "9DF77950-22DE-4BA2-A10F-10953F6119E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*", "matchCriteriaId": "57F66472-61EC-4467-ACF6-2893BF9E4050", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*", "matchCriteriaId": "403EF6EC-9EEF-40F1-BA5C-F6211AADC9A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*", "matchCriteriaId": "2CE8E119-58C7-4BF0-9C74-93F44E4FC732", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*", "matchCriteriaId": "2F16D689-D091-47AA-96EC-6B419D4A6CD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp7:*:*:*:*:*:*", "matchCriteriaId": "AAEFCEBE-4CBC-4301-BEC6-9D9C9C3E0539", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.2:fp8:*:*:*:*:*:*", "matchCriteriaId": "B7130E8C-3D8D-4AAF-9D42-55236131989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp9:*:*:*:*:*:*", "matchCriteriaId": "496D052A-CD28-4888-A59C-4F45E9F1471F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors." 
}, { "lang": "es", "value": "Vulnerabilidad no espec\u00edfica en el procedimiento ADMIN_SP_C (SYSPROC.ADMIN_SP_C) en DB2 UDB de IBM en versiones anteriores a la 8.2 Fixpak 16, versi\u00f3n 9.1 en versiones anteriores a la FP4a y versi\u00f3n 9.5 en versiones anteriores a laFP1 permite a usuarios autenticados remotamente ejecutar un c\u00f3digo arbitrario por medio de vectores de ataque no espec\u00edficos." } ], "id": "CVE-2008-0699", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-12T01:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/41795" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/28771" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29022" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29784" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973" }, { 
"source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/41795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/28771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" 
], "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0401" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
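Severity ?
5.0 (Medium) - CVSS v2.0 AV:N/AC:L/Au:N/C:N/I:N/A:P (NVD primary score; the record below carries only a cvssMetricV2 entry, no CVSS v3 metric)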
Summary
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | Patch | |
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors." }, { "lang": "es", "value": "db2pd en el Problem Determination en IBM DB2 v9.1 anterior a FP7 y v9.5 anterior a FP5, permite a atacantes provocar una denegaci\u00f3n de servicio (deferencia a puntero NULL y terminaci\u00f3n de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2009-4332", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.530", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-20 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74326 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74326 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors." }, { "lang": "es", "value": "IBM DB2 v9.5 utiliza permisos de escritura globales para nodes.reg, lo que tiene un impacto y vectores de ataque no especificados." } ], "id": "CVE-2012-1797", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-20T20:55:01.553", "references": [ { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC79518" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IC79518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-12 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/28771 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496 | ||
cve@mitre.org | http://www.securityfocus.com/bid/27681 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0401 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28771 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27681 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0401 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.2_fixpack15:*:*:*:*:*:*:*", "matchCriteriaId": "17408C42-FAC0-4F2A-9534-A9590BC256CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving \"invalid memory access.\"" }, { "lang": "es", "value": "Vulnerabilidad de desbordamiento de b\u00fafer en BM DB2 UDB anterior a la v8.2 Fixpak 16 tiene un vector de ataque desconocido, y un impacto probablemente relacionado con un \"acceso inv\u00e1lido a memoria\"." } ], "id": "CVE-2008-0698", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-12T01:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28771" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27681" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0401" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 08:00
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/253436 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/253436 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436." 
} ], "id": "CVE-2023-30447", "lastModified": "2024-11-21T08:00:12.073", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:52.133", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253436" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-12 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/28771 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0401 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28771 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0401 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.2_fixpack15:*:*:*:*:*:*:*", "matchCriteriaId": "17408C42-FAC0-4F2A-9534-A9590BC256CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en DB2PD de IBM DB2 UDB anteriores 8.2 Fixpak 16 permite a usuarios locales conseguir privilegios de root a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2008-0697", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-12T01:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28771" }, { "source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0401" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-04 02:15
Modified
2024-11-21 08:14
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/262257 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7087143 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/262257 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7087143 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23E4D44-3305-407B-92C5-8190434A59DC", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "760B31B3-509C-49E4-BB2C-B48E33782141", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con una declaraci\u00f3n SQL especialmente manipulada. ID de IBM X-Force: 262257." 
} ], "id": "CVE-2023-38727", "lastModified": "2024-11-21T08:14:07.570", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-04T02:15:06.867", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262257" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087143" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch | |
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | ||
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 8.2 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "64D7ACC0-4CF4-4B60-902C-C47DFCD097A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*", "matchCriteriaId": "55ABF9A3-7776-4C0B-A6CC-45955E42DA1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp10:*:*:*:*:*:*", "matchCriteriaId": "68B64CBF-7A11-4AA9-8C44-77E891DD2446", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp11:*:*:*:*:*:*", "matchCriteriaId": "9AEB3163-D0D0-4E43-AF64-479D4AEE90C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp12:*:*:*:*:*:*", "matchCriteriaId": "0E3BC415-D3D2-48FC-9B6A-34596A371ACF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp13:*:*:*:*:*:*", "matchCriteriaId": "BA84C4CF-D486-4D21-A909-C311BF70CE14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp14:*:*:*:*:*:*", "matchCriteriaId": "4BC02E85-73EC-408B-A31E-F2DDFEA8EF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp15:*:*:*:*:*:*", "matchCriteriaId": "B7CB2C4F-A038-461E-9FAB-FA4186F83817", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp16:*:*:*:*:*:*", "matchCriteriaId": "6DA81141-A4CF-42AD-AFE4-6336AF77ED9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp17:*:*:*:*:*:*", "matchCriteriaId": "5BF822C3-48F0-4B13-9D81-FA04DC5B9DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*", "matchCriteriaId": "9DF77950-22DE-4BA2-A10F-10953F6119E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*", "matchCriteriaId": "57F66472-61EC-4467-ACF6-2893BF9E4050", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*", "matchCriteriaId": "403EF6EC-9EEF-40F1-BA5C-F6211AADC9A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*", "matchCriteriaId": "2CE8E119-58C7-4BF0-9C74-93F44E4FC732", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*", "matchCriteriaId": "2F16D689-D091-47AA-96EC-6B419D4A6CD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp7:*:*:*:*:*:*", "matchCriteriaId": "AAEFCEBE-4CBC-4301-BEC6-9D9C9C3E0539", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp8:*:*:*:*:*:*", "matchCriteriaId": "B7130E8C-3D8D-4AAF-9D42-55236131989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp9:*:*:*:*:*:*", "matchCriteriaId": "496D052A-CD28-4888-A59C-4F45E9F1471F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": 
"3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite \"external memory\" via unknown vectors, related to a missing \"check for null pointers.\"" }, { "lang": "es", "value": "El componente Client Interfaces en IBM DB2 v8.2 anterior a FP18, v9.1 anterior a FP8, v9.5 anterior a FP5 y v9.7 anterior a FP1, no valida adecuadamente un puntero no especificado, lo que permite a atacantes sobrescribir la memoria externa a trav\u00e9s de vectores desconocidos. Relacionado con la p\u00e9rdida de \"comprobaci\u00f3n de punteros nulos\"." 
} ], "id": "CVE-2009-4325", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": 
"cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-04 02:15
Modified
2024-11-21 07:56
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/252048 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240112-0002/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7087218 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/252048 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240112-0002/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7087218 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "760B31B3-509C-49E4-BB2C-B48E33782141", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio a trav\u00e9s de una consulta federada especialmente manipulada en objetos de federaci\u00f3n espec\u00edficos. ID de IBM X-Force: 252048." 
} ], "id": "CVE-2023-29258", "lastModified": "2024-11-21T07:56:45.957", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-04T02:15:06.647", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252048" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240112-0002/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240112-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087218" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-19 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/36313 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg24024075 | Patch | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/2293 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36313 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg24024075 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2293 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp17:*:*:*:*:*:*", "matchCriteriaId": "00D40BBF-DAC1-4C6D-806B-B04C88F237F7", "versionEndIncluding": "8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2418C923-2F94-4FAF-A9BD-D1C436308C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp10:*:*:*:*:*:*", "matchCriteriaId": "18D59696-A477-4397-BC14-4EF69DAFA262", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp11:*:*:*:*:*:*", "matchCriteriaId": "BBABCAC8-0E04-44FC-BF1A-88CACB28E644", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp12:*:*:*:*:*:*", "matchCriteriaId": "AC318EEC-AFE5-4070-8711-B6560143CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*", "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*", "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp15:*:*:*:*:*:*", "matchCriteriaId": "1F878C22-6294-4DFD-AFA4-1094644D15F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp17a:*:*:*:*:*:*", "matchCriteriaId": "F2799A9D-1BAC-491A-B36B-A124C44D9EBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "8AEBA7BD-E897-438E-8DD5-7AB5490AB931", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "BAA746B2-AC20-49D3-B8C6-655C268CB253", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "0FEC5C8E-9B3E-457F-8871-1EB172DBA7FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "A8DA176E-1AD6-4524-9931-0165263D4E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "AC4145E1-A805-4E64-904C-03B0B13BADBB", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:8.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "281B0499-11FD-4B99-B402-B44B609469E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "81AB9705-2397-4218-9529-E0DAF3196DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6b:*:*:*:*:*:*", "matchCriteriaId": "2CB197BE-6C4B-4081-8643-3CC3D2FDDB28", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6c:*:*:*:*:*:*", "matchCriteriaId": "53C13821-A069-41B8-AECD-8562E22F37D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "385C934A-4374-491C-8A61-EBCC5E72AF24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "F7A4B9D8-D8FE-4204-8D09-1C69B9676F4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "286E4585-57F7-428D-B9C2-63B33FA2BF5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp8a:*:*:*:*:*:*", "matchCriteriaId": "E5F0F22B-EEA3-43B3-A600-53A471F32E5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp9:*:*:*:*:*:*", "matchCriteriaId": "E89ACCE1-873B-4C4A-A64B-F344F96C2C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp9a:*:*:*:*:*:*", "matchCriteriaId": "1B5437F4-8DD4-4539-A40A-63C5E2C8CF48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via \"malicious packets.\"" }, { "lang": "es", "value": "Vulnerabilidad inespec\u00edfica en db2jds en IBM DB2 v8.1 anteriores a FP18 permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de servicio) a trav\u00e9s de \"paquetes maliciosos\"." 
} ], "id": "CVE-2009-2860", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-19T17:30:01.267", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36313" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2293" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces \"repeating\" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value." }, { "lang": "es", "value": "La funci\u00f3n RAND scalar en el componente Common Code Infrastructure en IBM DB2 v9.5 anterior a FP5 y v9.7 anterior a FP1, cuando se usa la caracter\u00edstica Database Partitioning Feature (DPF), provoca repetici\u00f3n (\"repeting\") en las variables de retorno, lo que podr\u00eda permitir a atacantes evitar los mecanismos de protecci\u00f3n basado en la predicci\u00f3n de un valor aleatorio." 
} ], "id": "CVE-2009-4326", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.377", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 140210.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016142 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041005 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140210 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016142 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041005 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140210 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) es vulnerable a un desbordamiento de b\u00fafer basado en pila provocado por una comprobaci\u00f3n de l\u00edmites incorrecta que podr\u00eda conducir a que un atacante ejecute c\u00f3digo arbitrario. IBM X-Force ID: 140210." } ], "id": "CVE-2018-1459", "lastModified": "2024-11-21T03:59:51.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.653", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016142" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041005" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140210" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2024-37071)
Published
2024-12-07 13:15
Modified
2025-08-09 01:49
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7175940 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F2E6BAB-5E0F-458B-B358-205D65B073D5", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E7ABF45-1720-49F0-AA78-E4C06815F3C5", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECBD1085-509F-49E6-9DB0-1015F7B63955", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio con una consulta especialmente manipulada debido a una asignaci\u00f3n de memoria incorrecta." 
} ], "id": "CVE-2024-37071", "lastModified": "2025-08-09T01:49:19.753", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-12-07T13:15:04.047", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7175940" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-1936)
Published
2019-04-03 14:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack-based buffer overflow caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153316 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10741481 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153316 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10741481 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1.0.0 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.6 | |
ibm | db2 | 10.5.0.0 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.8 | |
ibm | db2 | 10.5.0.9 | |
ibm | db2 | 10.5.0.10 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.1.1 | |
ibm | db2 | 11.1.2.2 | |
ibm | db2 | 11.1.3.3 | |
ibm | db2 | 11.1.4.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E19D90B2-0B71-498B-8428-B27950E1D2A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB95E38-7A78-4798-B0E2-814DAE1153A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1B95F778-8E2B-4A6D-BA3B-254F87B492BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "62B40593-EA0D-4134-BBA0-35DA70D3C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "177780EE-76F9-41D9-83C9-48C5DFCF8702", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E38BC34-066B-4B4D-929F-4E5C6BCB1442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "23910ECC-960A-44DF-BA8D-C1553D088EAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316." }, { "lang": "es", "value": "En IBM DB2, en sus versiones 9.7, 10.1, 10.5 y 11.1, libdb2e.so.1 es vulnerable a un desbordamiento de b\u00fafer basado en pila provocado por una comprobaci\u00f3n de l\u00edmites incorrecta que podr\u00eda conducir a que un atacante ejecute c\u00f3digo arbitrario. IBM X-Force ID: 153316." 
} ], "id": "CVE-2018-1936", "lastModified": "2024-11-21T04:00:37.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-03T14:29:00.737", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153316" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741481" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-4438)
Published
2009-12-28 19:30
Modified
2025-04-09 00:30
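Severity ?
6.5 (Medium) - CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:P (nvd@nist.gov; the record carries no CVSS v3 metric)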
Summary
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors." }, { "lang": "es", "value": "El componente Query Compiler, Rewrite, and Optimizer en IBM DB2 v9.1 anteriores a FP8, v9.5 anteriores a FP5, v9.7 anteriores a FP1 no refuerza los requisitos de privilegios para acceder a (1) una secuencia o (2) objetos de variables globales, permite a usuarios autenticados remotamente usar los datos mediante vectores no especificados." 
} ], "id": "CVE-2009-4438", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-28T19:30:00.390", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-2858)
Published
2009-08-19 17:30
Modified
2025-04-09 00:30
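Severity ?
5.0 (Medium) - CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:P (nvd@nist.gov; the record carries no CVSS v3 metric)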
Summary
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/36313 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35635 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg24024075 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36313 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35635 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg24024075 | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp17:*:*:*:*:*:*", "matchCriteriaId": "00D40BBF-DAC1-4C6D-806B-B04C88F237F7", "versionEndIncluding": "8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2418C923-2F94-4FAF-A9BD-D1C436308C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp10:*:*:*:*:*:*", "matchCriteriaId": "18D59696-A477-4397-BC14-4EF69DAFA262", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp11:*:*:*:*:*:*", "matchCriteriaId": "BBABCAC8-0E04-44FC-BF1A-88CACB28E644", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp12:*:*:*:*:*:*", "matchCriteriaId": "AC318EEC-AFE5-4070-8711-B6560143CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*", "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*", "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp15:*:*:*:*:*:*", "matchCriteriaId": "1F878C22-6294-4DFD-AFA4-1094644D15F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp17a:*:*:*:*:*:*", "matchCriteriaId": "F2799A9D-1BAC-491A-B36B-A124C44D9EBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "8AEBA7BD-E897-438E-8DD5-7AB5490AB931", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "BAA746B2-AC20-49D3-B8C6-655C268CB253", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "0FEC5C8E-9B3E-457F-8871-1EB172DBA7FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "A8DA176E-1AD6-4524-9931-0165263D4E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "AC4145E1-A805-4E64-904C-03B0B13BADBB", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:8.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "281B0499-11FD-4B99-B402-B44B609469E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "81AB9705-2397-4218-9529-E0DAF3196DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6b:*:*:*:*:*:*", "matchCriteriaId": "2CB197BE-6C4B-4081-8643-3CC3D2FDDB28", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6c:*:*:*:*:*:*", "matchCriteriaId": "53C13821-A069-41B8-AECD-8562E22F37D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "385C934A-4374-491C-8A61-EBCC5E72AF24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "F7A4B9D8-D8FE-4204-8D09-1C69B9676F4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "286E4585-57F7-428D-B9C2-63B33FA2BF5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp8a:*:*:*:*:*:*", "matchCriteriaId": "E5F0F22B-EEA3-43B3-A600-53A471F32E5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp9:*:*:*:*:*:*", "matchCriteriaId": "E89ACCE1-873B-4C4A-A64B-F344F96C2C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp9a:*:*:*:*:*:*", "matchCriteriaId": "1B5437F4-8DD4-4539-A40A-63C5E2C8CF48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure." 
}, { "lang": "es", "value": "Fuga de memoria en el componente de seguridad en IBM DB2 v8.1 anteriores a FP18 en plataformas Unix permite a atacantes producir una denegaci\u00f3n de servicio a trav\u00e9s de vectores sin especificar, relacionado con la memoria privada dentro de la estructura de memoria de DB2." } ], "id": "CVE-2009-2858", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-19T17:30:01.187", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36313" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35635" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg24024075" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-4033)
Published
2013-08-28 13:13
Modified
2025-04-11 00:51
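Severity ?
4.6 (Medium) - CVSS v2 AV:N/AC:H/Au:S/C:P/I:P/A:P (nvd@nist.gov; the record carries no CVSS v3 metric)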
Summary
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94756 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94757 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94758 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21646809 | Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/86093 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94756 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94757 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94758 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21646809 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/86093 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.8 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2_connect | 9.5 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.8 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CDD816C-7070-4118-845E-6205FE130A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "A174260C-45A3-4DE3-8B2C-82416196FFF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority." }, { "lang": "es", "value": "IBM DB2 y DB2 Connect v9.7 hasta FP8, v9.8 hasta FP5, v10.1 hasta FP2, y v10.5 hasta FP1 permiten a los usuarios remotos autenticados ejecutar instrucciones DML mediante el aprovechamiento de la autoridad \"EXPLAIN\"." 
} ], "id": "CVE-2013-4033", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-28T13:13:58.517", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94756" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94757" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94758" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646809" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646809" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86093" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information by exploiting a race condition involving a symbolic link. IBM X-Force ID: 179269.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179269 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6242336 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179269 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6242336 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E94B9A7-5DF7-4F52-B87F-094A50010F79", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00eda permitir a un usuario local obtener informaci\u00f3n confidencial usando una condici\u00f3n de carrera de un enlace simb\u00f3lico. 
IBM X-Force ID: 179269" } ], "id": "CVE-2020-4387", "lastModified": "2024-11-21T05:32:41.147", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-01T15:15:14.923", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242336" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242336" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 154078.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/154078 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/154078 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows, en sus versiones 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server), es vulnerable a un desbordamiento de b\u00fafer, lo que podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en el sistema como root. IBM X-Force ID: 154078." } ], "id": "CVE-2018-1980", "lastModified": "2024-11-21T04:00:41.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-11T22:29:00.703", "references": [ { "source": 
"psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154078" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-06-29 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www-1.ibm.com/support/search.wss?rs=0&q=IY73104&apar=only | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/search.wss?rs=0&q=IY73104&apar=only | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "05154E69-63D7-4F51-89F5-1199A3E6E074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "3B729909-4377-4472-94C4-432CD89BCF7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "DC320999-569A-48AA-92B7-CDE8394BBC39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "F97F5666-4502-437D-AA81-8C0488CD73B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:*:*:*:*:*:*", "matchCriteriaId": "E4C77B11-C53E-49E7-9C49-2C574390B609", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DFF6FFCD-E744-4D45-8BDD-32ADC94AD655", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7FA1607C-E97A-49BA-B7EC-548784C86D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB2E227E-5E14-4164-B342-9193C7F020F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "96CB2F40-05E8-49B0-8A62-9DD45821E560", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents." 
} ], "id": "CVE-2005-2073", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-06-29T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY73104\u0026apar=only" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY73104\u0026apar=only" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-02 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html | Exploit | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC68762 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | ||
cve@mitre.org | http://www.securityfocus.com/bid/38018 | Exploit | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14289 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC68762 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/38018 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14289 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A2BF9210-79CA-4D25-99F3-6DC543B6D3F5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence." }, { "lang": "es", "value": "kuddb2 en Tivoli Monitoring para DB2, distribuidas en IBM DB2 v9.7 FP1 en Linux, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del demonio) a trav\u00e9s de una secuencia de bytes determinada." } ], "id": "CVE-2010-0472", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-02T18:30:00.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68762" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38018" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14289" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14289" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016181 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041004 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140047 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016181 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041004 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140047 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podr\u00eda permitir a un usuario local sobrescribir archivos arbitrarios pertenecientes al propietario de la instancia del DB2. IBM X-Force ID: 140047." } ], "id": "CVE-2018-1452", "lastModified": "2024-11-21T03:59:50.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.590", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041004" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140047" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-14 18:15
Modified
2024-09-21 10:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service under specific non-default configurations: the server may crash when an authenticated user issues a specially crafted SQL statement. IBM X-Force ID: 287614.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/287614 | Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7165338 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "matchCriteriaId": "51CDD6A3-B1B6-4A21-AC60-2BC4761B527C", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "09EB63CF-B13D-4BB6-9554-F7C243A95F10", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9907B0C1-3852-43B3-88D3-269DA5D3B5FA", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "matchCriteriaId": "35FE6D87-9C5F-446E-8953-8A3B2FCD0A53", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614." }, { "lang": "es", "value": " IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio, en configuraciones espec\u00edficas, ya que el servidor puede fallar al utilizar una declaraci\u00f3n SQL especialmente manipulada por un usuario autenticado. 
ID de IBM X-Force: 287614." } ], "id": "CVE-2024-31882", "lastModified": "2024-09-21T10:15:05.403", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-14T18:15:10.647", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287614" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7165338" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-943" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-16 16:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/204470 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20211029-0005/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6489499 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/204470 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211029-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6489499 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:-:*:*", "matchCriteriaId": "F9DA788B-81D2-4B91-9E63-3D42A5F21854", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) podr\u00eda divulgar informaci\u00f3n confidencial cuando se usa ADMIN_CMD con LOAD o BACKUP. 
IBM X-Force ID: 204470" } ], "id": "CVE-2021-29825", "lastModified": "2024-11-21T06:01:52.923", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-16T16:15:08.100", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6489499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211029-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6489499" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-19 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/56451 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21660041 | Vendor Advisory | |
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21659490 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/64336 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/89116 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56451 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21660041 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21659490 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/64336 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/89116 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8.0.3 | |
ibm | db2 | 9.8.0.4 | |
ibm | db2 | 9.8.0.5 | |
ibm | db2_connect | 9.8 | |
ibm | db2_connect | 9.8.0.3 | |
ibm | db2_connect | 9.8.0.4 | |
ibm | db2_connect | 9.8.0.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_purescale_feature_9.8 | - | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F2418D4-8A16-4617-AE27-B2FDD68711C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADC23293-580F-48B7-BB18-C91E254B4885", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "07DD2BBD-1ED1-4FF0-8A5D-AD36B71BF5ED", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "97A09A6A-D7D8-4ADE-850B-1FA98E4FD8DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45EA04C9-3B45-47C2-88C6-4BE578673A08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "10331272-C7E3-4F77-BAB7-C931CDD57699", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "781B87AB-DBCA-495A-B809-648357EF6873", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA8F6CF0-8418-41CB-B3E5-B04CF633DBCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D28D8A2E-ECA5-401E-806B-2385668C90D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "734E79E6-4A83-4CBF-B8B3-2D6D4491728E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3631F758-5C8F-4D24-81C1-D6146B0209CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3CB6E617-98EA-4944-9211-FFEE9E50FE55", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "A174260C-45A3-4DE3-8B2C-82416196FFF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A2E75A3-97BB-4B50-B6A1-ADB6F673A9D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C616C838-1722-47FA-8AE9-6B4F5D9CF787", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:9.8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "80731F47-CD9D-4AC8-8AAF-B387E550F6D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36DD73C3-412C-461A-A1A4-BB760CC3C2D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D91F10-BC9A-4A20-A153-022C9207A1E0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-:*:-:db2_enterprise_edition:*:*", "matchCriteriaId": "1D4080BB-DBF0-4125-B0D6-6CF217703045", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC80416E-982E-496E-BB46-5928FDB8CF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1B2A6C0-93D4-4648-A507-62F075D6AFCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9510BA35-C62A-46CE-A009-F20971EAE9B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors." }, { "lang": "es", "value": "El motor de consultas OLAP en IBM DB2 y DB2 Connect 9.7 hasta FP9, 9.8 hasta FP3, y 10.6 hasta FP2, y la pureScale Feature 9.8 para Enterprise Server Edition, permite ausuarios autenticados remotamente causar denegaci\u00f3n de servicio (interrupci\u00f3n de la base de datos y desactivaci\u00f3n) a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2013-6717", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-19T22:55:04.413", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/56451" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660041" }, { "source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg21659490" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/64336" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/56451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg21659490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89116" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-03 13:16
Modified
2025-01-31 17:52
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://https://exchange.xforce.ibmcloud.com/vulnerabilities/282953 | Third Party Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240517-0005/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7145726 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://https://exchange.xforce.ibmcloud.com/vulnerabilities/282953 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240517-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7145726 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio por parte de un usuario autenticado mediante una consulta especialmente manipulada. ID de IBM X-Force: 282953." 
} ], "id": "CVE-2024-25046", "lastModified": "2025-01-31T17:52:39.340", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-04-03T13:16:01.790", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/282953" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0005/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/282953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145726" } ], "sourceIdentifier": 
"psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-19 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/174341 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/2874621 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/174341 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/2874621 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versi\u00f3n 11.5, podr\u00eda permitir a atacantes autenticados causar una denegaci\u00f3n de servicio debido al manejo inapropiado de determinados comandos. ID de IBM X-Force: 174341." 
} ], "id": "CVE-2020-4161", "lastModified": "2024-11-21T05:32:19.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-19T16:15:11.797", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174341" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2874621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2874621" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006061 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100690 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1039301 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128058 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006061 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100690 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039301 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128058 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*", "matchCriteriaId": "2B1F07F2-3F58-4999-97E9-50C627D9CB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F2418D4-8A16-4617-AE27-B2FDD68711C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADC23293-580F-48B7-BB18-C91E254B4885", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "07DD2BBD-1ED1-4FF0-8A5D-AD36B71BF5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "97A09A6A-D7D8-4ADE-850B-1FA98E4FD8DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45EA04C9-3B45-47C2-88C6-4BE578673A08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "10331272-C7E3-4F77-BAB7-C931CDD57699", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "781B87AB-DBCA-495A-B809-648357EF6873", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA8F6CF0-8418-41CB-B3E5-B04CF633DBCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D28D8A2E-ECA5-401E-806B-2385668C90D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7D92905F-5327-4CAA-9ECE-5211FB92BF14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "F9620D61-5F09-44E7-A19F-7E70A7F0D832", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC80416E-982E-496E-BB46-5928FDB8CF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1B2A6C0-93D4-4648-A507-62F075D6AFCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9510BA35-C62A-46CE-A009-F20971EAE9B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE54DD24-2E67-49D9-81EB-88A50ED3FB9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "20186C62-14F0-47FA-BF37-772AEDF64E9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36DD73C3-412C-461A-A1A4-BB760CC3C2D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D91F10-BC9A-4A20-A153-022C9207A1E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A95700FA-C64B-40D9-81C5-39A76961A89F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DF3EF9D-7FD1-46F4-A745-2C3D31B2E12F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "269C7299-D812-462D-9C4D-D36F5665789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F89A2701-5904-4DBD-8AAC-9972611CC92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B42E8C32-272B-4D9D-8479-D15D511FAAE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"8E32FD81-F765-4115-9977-B1913CE13106", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10,1, 10.5 y 11.1 (incluido DB2 Connect Server) podr\u00eda permitir a un usuario local con privilegios de propietario en la instancia DB2 obtener acceso root. IBM X-Force ID: 128058." } ], "id": "CVE-2017-1439", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-12T21:29:00.347", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100690" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039301" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039301" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128058" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-1458)
Published
2018-07-10 16:29
Modified
2024-11-21 03:59
Severity ?
7.4 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securitytracker.com/id/1041230 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140209 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22016624 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041230 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140209 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22016624 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) podr\u00eda permitir a un usuario local ejecutar c\u00f3digo arbitrario y llevar a cabo ataques de secuestro de DLL. IBM X-Force ID: 140209." } ], "id": "CVE-2018-1458", "lastModified": "2024-11-21T03:59:51.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-10T16:29:00.550", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], 
"url": "http://www.securitytracker.com/id/1041230" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140209" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22016624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22016624" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-426" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2020-4135)
Published
2020-02-19 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/173806 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210108-0001/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/2876307 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/173806 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210108-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/2876307 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00eda permitir a un usuario no autenticado enviar paquetes especialmente dise\u00f1ados para causar una denegaci\u00f3n de servicio debido a un uso excesivo de memoria." } ], "id": "CVE-2020-4135", "lastModified": "2024-11-21T05:32:18.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-19T16:15:11.687", "references": [ { "source": 
"psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2876307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2876307" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2022-43930)
Published
2023-02-17 18:15
Modified
2024-11-21 07:27
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/241677 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6953755 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/241677 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6953755 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677." } ], "id": "CVE-2022-43930", "lastModified": "2024-11-21T07:27:22.630", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2023-02-17T18:15:11.987", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241677" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6953755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6953755" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006109 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100698 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1039299 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128180 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006109 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100698 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039299 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128180 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.7.0.1 | |
ibm | db2_connect | 9.7.0.2 | |
ibm | db2_connect | 9.7.0.3 | |
ibm | db2_connect | 9.7.0.4 | |
ibm | db2_connect | 9.7.0.5 | |
ibm | db2_connect | 9.7.0.6 | |
ibm | db2_connect | 9.7.0.7 | |
ibm | db2_connect | 9.7.0.8 | |
ibm | db2_connect | 9.7.0.9 | |
ibm | db2_connect | 9.7.0.10 | |
ibm | db2_connect | 9.7.0.11 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.1.0.1 | |
ibm | db2_connect | 10.1.0.2 | |
ibm | db2_connect | 10.1.0.3 | |
ibm | db2_connect | 10.1.0.4 | |
ibm | db2_connect | 10.1.0.5 | |
ibm | db2_connect | 10.5 | |
ibm | db2_connect | 10.5.0.1 | |
ibm | db2_connect | 10.5.0.2 | |
ibm | db2_connect | 10.5.0.3 | |
ibm | db2_connect | 10.5.0.4 | |
ibm | db2_connect | 10.5.0.5 | |
ibm | db2_connect | 10.5.0.6 | |
ibm | db2_connect | 10.5.0.7 | |
ibm | db2_connect | 11.1.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*", "matchCriteriaId": "2B1F07F2-3F58-4999-97E9-50C627D9CB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*", "matchCriteriaId": "CA651B7E-418B-4C3C-9A83-7E25342D884F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F2418D4-8A16-4617-AE27-B2FDD68711C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADC23293-580F-48B7-BB18-C91E254B4885", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "07DD2BBD-1ED1-4FF0-8A5D-AD36B71BF5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "97A09A6A-D7D8-4ADE-850B-1FA98E4FD8DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45EA04C9-3B45-47C2-88C6-4BE578673A08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "10331272-C7E3-4F77-BAB7-C931CDD57699", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "781B87AB-DBCA-495A-B809-648357EF6873", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA8F6CF0-8418-41CB-B3E5-B04CF633DBCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D28D8A2E-ECA5-401E-806B-2385668C90D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7D92905F-5327-4CAA-9ECE-5211FB92BF14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "F9620D61-5F09-44E7-A19F-7E70A7F0D832", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC80416E-982E-496E-BB46-5928FDB8CF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1B2A6C0-93D4-4648-A507-62F075D6AFCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9510BA35-C62A-46CE-A009-F20971EAE9B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE54DD24-2E67-49D9-81EB-88A50ED3FB9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "20186C62-14F0-47FA-BF37-772AEDF64E9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36DD73C3-412C-461A-A1A4-BB760CC3C2D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D91F10-BC9A-4A20-A153-022C9207A1E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A95700FA-C64B-40D9-81C5-39A76961A89F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DF3EF9D-7FD1-46F4-A745-2C3D31B2E12F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "269C7299-D812-462D-9C4D-D36F5665789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F89A2701-5904-4DBD-8AAC-9972611CC92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B42E8C32-272B-4D9D-8479-D15D511FAAE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"8E32FD81-F765-4115-9977-B1913CE13106", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) podr\u00eda permitir a un usuario local obtener privilegios elevados y sobrescribir archivos DB2. IBM X-Force ID: 128180." } ], "id": "CVE-2017-1452", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, 
"exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-12T21:29:00.597", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006109" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100698" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039299" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-09 17:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213217 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20220114-0002/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6523802 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213217 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220114-0002/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6523802 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:-:*:*", "matchCriteriaId": "CC97D272-ABEE-4FA3-BE61-67AAD2A8D281", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to 
decrypt highly sensitive information." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, usa algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial" } ], "id": "CVE-2021-39002", "lastModified": "2024-11-21T06:18:23.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-09T17:15:07.837", 
"references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220114-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6523802" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-14 18:15
Modified
2024-09-21 10:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/291307 | Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7165341 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "matchCriteriaId": "19102F56-7E0F-4D9D-A77D-72262D455D3E", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:hp-ux:*:*", "matchCriteriaId": "6749F2F7-22EA-4E19-A4F5-267CAF5D2647", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A58F19B6-2B8C-49E5-83E8-5C370F21A990", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "CD93325D-7FD5-4EFE-9EFC-5656863269AB", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "523277B7-CC33-487B-9315-A783D03EC1BB", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "matchCriteriaId": "51CDD6A3-B1B6-4A21-AC60-2BC4761B527C", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:hp-ux:*:*", "matchCriteriaId": "0CCA3A21-1719-41E4-9398-8228A4F93AA7", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "09EB63CF-B13D-4BB6-9554-F7C243A95F10", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "0DDA0DE9-A4AD-41D8-9649-3303569EA9A4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": 
"9907B0C1-3852-43B3-88D3-269DA5D3B5FA", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "matchCriteriaId": "35FE6D87-9C5F-446E-8953-8A3B2FCD0A53", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:hp-ux:*:*", "matchCriteriaId": "A316FF22-DA43-4207-BEA8-580B157C807D", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307." }, { "lang": "es", "value": " El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con una consulta especialmente manipulada bajo ciertas condiciones. ID de IBM X-Force: 291307." 
} ], "id": "CVE-2024-35136", "lastModified": "2024-09-21T10:15:05.673", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-14T18:15:11.723", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/291307" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7165341" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-943" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-03 21:00
Modified
2025-04-09 00:30
Severity ?
Summary
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch, Vendor Advisory | |
cve@mitre.org | http://osvdb.org/48149 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21318189 | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/31058 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/48149 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21318189 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31058 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp16:*:*:*:*:*:*", "matchCriteriaId": "E0252A93-49D5-4C5E-B774-8400526CA813", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with \"OS privilege,\" which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856." }, { "lang": "es", "value": "El proceso db2fmp en IBM DB2 v8 anterior a FP17, v9.1 anterior a FP5 y v9.5 anterior a FP2 sobre Windows, se ejecuta con \"privilegios OS\" lo que tiene unos vectores de ataque e impacto desconocidos. Vulnerabilidad distinta de CVE-2008-3856." } ], "id": "CVE-2008-6820", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-03T21:00:00.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/48149" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/48149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31058" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52083 | Exploit | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52083 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el componente Engine Utilities en IBM DB2 v9.5 anterior a FP5, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) mediante la modificaci\u00f3n de la cadena db2ra enviada en una petici\u00f3n desde la Utilidad de Carga (Load Utility)." 
} ], "id": "CVE-2009-4329", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.453", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52083" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-1373
Vulnerability from fkie_nvd
Published
2011-11-09 23:55
Modified
2025-04-11 00:51
Severity
1.5 (Low) - CVSS v2 AV:L/AC:M/Au:S/C:N/I:N/A:P (nvd@nist.gov, Primary)
Summary
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/71043 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/71043 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C13D4E7-8570-4788-90C1-9210E29EA335", "versionEndIncluding": "9.7.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en IBM DB2 v9.7 antes de FP5 en UNIX, cuando las caracter\u00edsticas Self Tuning Memory Manager (STMM) y AUTOMATIC DATABASE_MEMORY est\u00e1n configuradas, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2011-1373", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 2.7, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-11-09T23:55:01.397", "references": [ { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71043" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2020-4230
Vulnerability from fkie_nvd
Published
2020-02-19 16:15
Modified
2024-11-21 05:32
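Severity
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (psirt@us.ibm.com, Secondary)
4.6 (Medium) - CVSS v2 AV:L/AC:L/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary)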
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/175212 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/2878809 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/175212 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/2878809 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 11.1 y 11.5, son vulnerables a una escalada de privilegios cuando un atacante local autenticado con permisos especiales ejecuta comandos Db2 especialmente dise\u00f1ados. ID de IBM X-Force: 175212." 
} ], "id": "CVE-2020-4230", "lastModified": "2024-11-21T05:32:25.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-19T16:15:12.000", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175212" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2878809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/2878809" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2019-4101
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
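Severity
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (nvd@nist.gov, Primary)
6.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (psirt@us.ibm.com, Secondary)
2.1 (Low) - CVSS v2 AV:L/AC:L/Au:N/C:N/I:N/A:P (nvd@nist.gov, Primary)
The two v3 scores differ only in privileges required (PR:L vs PR:N); the summary describes users who hold EXECUTE on PD_GET_DIAG_HIST and have access to the diagnostic directory.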
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/109021 | Broken Link | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158091 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880741 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109021 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158091 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880741 | Vendor Advisory |
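Impacted products (from the NVD CPE configuration below; it also lists 9.7.x builds, which the summary does not name)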
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1.0.0 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.6 | |
ibm | db2 | 10.5.0.0 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.8 | |
ibm | db2 | 10.5.0.9 | |
ibm | db2 | 10.5.0.10 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.1.1 | |
ibm | db2 | 11.1.2.2 | |
ibm | db2 | 11.1.3.3 | |
ibm | db2 | 11.1.4.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E19D90B2-0B71-498B-8428-B27950E1D2A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB95E38-7A78-4798-B0E2-814DAE1153A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1B95F778-8E2B-4A6D-BA3B-254F87B492BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "62B40593-EA0D-4134-BBA0-35DA70D3C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "177780EE-76F9-41D9-83C9-48C5DFCF8702", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E38BC34-066B-4B4D-929F-4E5C6BCB1442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "23910ECC-960A-44DF-BA8D-C1553D088EAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 10.1, 10.5, y 11.1 es vulnerable a un ataque de Denegaci\u00f3n de Servicio. 
Los usuarios que tienen EXECUTE en PD_GET_DIAG_HIST y el acceso al directorio de diagn\u00f3stico en el servidor de DB2 pueden hacer que la instancia falle. ID de IBM X-Force: 158091." } ], "id": "CVE-2019-4101", "lastModified": "2024-11-21T04:43:10.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-01T15:15:12.020", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/109021" }, { "source": "psirt@us.ibm.com", "tags": 
[ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/109021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880741" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2007-5090
Vulnerability from fkie_nvd
Published
2007-09-26 20:17
Modified
2025-04-09 00:30
Severity
7.5 (High) - CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary)
Summary
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/40598 | Broken Link | |
cve@mitre.org | http://secunia.com/advisories/26899 | Third Party Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg21268116 | Broken Link | |
cve@mitre.org | http://www.securityfocus.com/bid/25810 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id?1018735 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/3264 | Permissions Required | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/36771 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40598 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26899 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg21268116 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25810 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018735 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3264 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/36771 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_clearquest | 5.00 | |
ibm | rational_clearquest | 5.20 | |
ibm | rational_clearquest | 6.00 | |
ibm | rational_clearquest | 6.12 | |
ibm | rational_clearquest | 6.13 | |
ibm | rational_clearquest | 6.14 | |
ibm | rational_clearquest | 6.15 | |
ibm | rational_clearquest | 6.16 | |
ibm | rational_clearquest | 7.0 | |
ibm | rational_clearquest | 7.0.0.1 | |
ibm | rational_clearquest | 7.0.1 | |
ibm | db2 | - | |
microsoft | sql_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "49CA0764-1ACB-4173-8396-36DD513CD538", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:5.20:*:*:*:*:*:*:*", "matchCriteriaId": "66343779-B8F9-4338-B949-3838AC7471B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.00:*:*:*:*:*:*:*", "matchCriteriaId": "8A02B2A2-7D88-47AB-95C8-E38A0C174A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.12:*:*:*:*:*:*:*", "matchCriteriaId": "3C470CD7-AD2F-450A-BDD2-97328BCD3375", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6B751150-4AA5-4D2A-992D-5183402F5B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.14:*:*:*:*:*:*:*", "matchCriteriaId": "F41B74B7-3941-4B02-A2E5-43A506A593E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.15:*:*:*:*:*:*:*", "matchCriteriaId": "741D5574-B635-46F5-BAC5-5427E0B305CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:6.16:*:*:*:*:*:*:*", "matchCriteriaId": "3C11BD51-B4FB-4717-B614-EC2785C20493", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B059D3-5A21-48FA-8D9D-F0DEB8CBB909", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "266BE1E1-AD1C-49DD-81C6-4840EE36CDCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_clearquest:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBBF4D-97FD-4DBC-B296-4235BAD38F61", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C94CDDFF-420F-4C9B-A668-A79FAF73AC84", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"1B65554F-BD5C-4EDE-8E16-4C57078592D9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el IBM Rational ClearQuest (CQ), cuando se utilizan las bases de datos Microsoft SQL Server o IBM DB2, permite a atacantes remotos corromper los datos a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2007-5090", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-26T20:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/40598" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/26899" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25810" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1018735" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": 
"http://www.vupen.com/english/advisories/2007/3264" }, { "source": "cve@mitre.org", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/40598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/26899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1018735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2007/3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36771" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2023-47152
Vulnerability from fkie_nvd
Published
2024-01-22 20:15
Modified
2024-11-21 08:29
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105605 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/270730 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105605 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | aix | - | |
ibm | linux_on_ibm_z | - | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C382D744-D189-4F7D-B896-52C1B87F8C06", "versionEndExcluding": "11.5.9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a un algoritmo criptogr\u00e1fico inseguro y a la divulgaci\u00f3n de informaci\u00f3n en el seguimiento de la pila en condiciones excepcionales. ID de IBM X-Force: 270730." 
} ], "id": "CVE-2023-47152", "lastModified": "2024-11-21T08:29:52.370", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-22T20:15:46.890", "references": [ { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105605" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": 
"nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 08:00
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/253202 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010561 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/253202 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010561 | Patch, Vendor Advisory |
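Impacted products (the CPE entries in the record below name only versions 11.1.4.7 and 11.5, whereas the summary covers 11.1 and 11.5 generally; exact-version CPE matching may miss other affected builds, so confirm the fixed level in the vendor advisory)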
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202." 
} ], "id": "CVE-2023-30442", "lastModified": "2024-11-21T08:00:11.487", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:51.887", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253202" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010561" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-16 19:29
Modified
2024-11-21 02:41
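Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 (Medium) - CVSS 2.0 vector AV:N/AC:L/Au:S/C:N/I:N/A:P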
Summary
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21979986 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21979986 | Patch, Vendor Advisory |
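Impacted products (the entries below give only the base version; the "before FP6" and "before FP8" limits stated in the summary are not encoded in them, so a match on these entries alone can flag already-patched 10.1 and 10.5 installations; check the installed fix-pack level against the vendor advisory)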
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
hp | hp-ux | - | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - | |
ibm | db2 | 9.8 | |
ibm | aix | - | |
linux | linux_kernel | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise_server:*:*:*", "matchCriteriaId": "01AAB8D8-7C12-4875-A2B1-1A38AE5089F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup_server:*:*:*", "matchCriteriaId": "C8A89B68-85AE-4E74-A7FA-A3427B749184", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:connect_application_server:*:*:*", "matchCriteriaId": "7300C988-1E37-4223-96AC-F1AD29AD6A01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:connect_enterprise:*:*:*", "matchCriteriaId": "A886F573-1738-43FC-857D-E400D21D9EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:connect_unlimited:system_i:*:*", "matchCriteriaId": "1DDAAA36-B373-4274-98EF-3A8D09583D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:connect_unlimited:system_z:*:*", "matchCriteriaId": "407B7D0D-BEB2-435F-825E-7F05DB839411", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise_server:*:*:*", "matchCriteriaId": "5AE05CC8-1F9F-443C-B730-9A638B265FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup_server:*:*:*", "matchCriteriaId": "588D7056-6628-44F0-87C3-A7E6A3632E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise_server:*:*:*", "matchCriteriaId": "F7581189-E410-4A9E-82C3-06FC7C083521", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup_server:*:*:*", "matchCriteriaId": "EFFAD344-C474-46AD-9AA4-77522D6F824C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:connect_application_server:*:*:*", "matchCriteriaId": "5164C026-542F-447B-8A74-C1470DA6645E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:connect_enterprise:*:*:*", "matchCriteriaId": 
"537632F6-915D-42C8-9557-37E2B31BC059", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:connect_unlimited:system_i:*:*", "matchCriteriaId": "6C2F777F-9171-475B-8165-1A60641AE263", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:connect_unlimited:system_z:*:*", "matchCriteriaId": "3C548E05-CFD4-4776-850C-51EFADE2745D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise_server:*:*:*", "matchCriteriaId": "AC632967-B490-4EAD-BA37-AADE4D71B328", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup_server:*:*:*", "matchCriteriaId": "1C582B53-3F65-4CDA-B6E0-F5AEC228E34E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise_server:*:*:*", "matchCriteriaId": "7A227837-D25A-4378-A1FA-7C104638AAF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup_server:*:*:*", "matchCriteriaId": "F2446FCC-01B4-4C78-8C07-072A8CBA756D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:connect_application_server:*:*:*", "matchCriteriaId": "08F4CF0C-6FB9-4105-9362-77E7C6D7DE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:connect_enterprise:*:*:*", "matchCriteriaId": "3EB89228-61ED-45A4-B676-17665E18759E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:connect_unlimited:system_i:*:*", "matchCriteriaId": "C03364AF-D21F-4F5F-B02E-E69E042567C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:connect_unlimited:system_z:*:*", "matchCriteriaId": "BA1F1069-5361-4E75-AD69-BD499AD1100F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise_server:*:*:*", "matchCriteriaId": "3635D883-4AC7-4C0D-9838-85FE5B517578", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": 
"9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup_server:*:*:*", "matchCriteriaId": "38F1E1DE-5DA9-4FC0-B16F-78450FF840EF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise_server:*:*:*", "matchCriteriaId": "4E153CD0-80EA-42CC-9105-3E8C3651F1B8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database." 
}, { "lang": "es", "value": "IBM DB2 9.7, 10.1 anterior a FP6 y 10.5 anterior a FP8 en AIX, Linux, HP, Solaris y Windows permite que usuarios autenticados remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado del demonio) mediante una instrucci\u00f3n SELECT con una subcadena que contiene la funci\u00f3n AVG OLAP en una base de datos compatible con Oracle." } ], "id": "CVE-2016-0215", "lastModified": "2024-11-21T02:41:17.433", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-16T19:29:00.887", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979986" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-13 00:00
Modified
2025-04-09 00:30
Severity ?
10.0 (High) - CVSS 2.0 vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654 | Patch | |
cve@mitre.org | http://securitytracker.com/id?1019318 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019318 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fix_pack15:*:*:*:*:*:*", "matchCriteriaId": "BE6286F5-FA0B-4879-90FA-9D4A7AF3D5A4", "versionEndIncluding": "8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:fix_pack3a:*:*:*:*:*:*", "matchCriteriaId": "A9109ED9-2529-427D-8A8C-6FAF3A2D438B", "versionEndIncluding": "9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698." }, { "lang": "es", "value": "El Servidor de Administraci\u00f3n (DAS) de IBM DB2 Universal Database (UDB) en versi\u00f3n 8 anterior al Fix Pack 16 y versi\u00f3n 9 anterior a Fix Pack 4, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de valores del puntero modificados en solicitudes de administraci\u00f3n remota no especificadas; esto provoca una corrupci\u00f3n de memoria u otro acceso no v\u00e1lido a memoria. 
NOTA: este podr\u00eda ser el mismo problema que CVE-2008-0698" } ], "id": "CVE-2007-3676", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-13T00:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1019318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019318" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-28 19:30
Modified
2025-04-09 00:30
Severity ?
4.0 (Medium) - CVSS 2.0 vector AV:N/AC:L/Au:S/C:N/I:N/A:P
Summary
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1JR31948 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1JR31948 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el componente Query Compiler, Rewrite, and Optimizer en IBM DB2 v9.5 anteriores a FP5 permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (parada de la instancia) al compilar una consulta SQL." 
} ], "id": "CVE-2009-4439", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-28T19:30:00.420", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31948" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31948" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-28 20:05
Modified
2025-04-09 00:30
Severity ?
9.0 (High) - CVSS 2.0 vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Summary
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/29022 | Not Applicable | |
cve@mitre.org | http://securityreason.com/securityalert/3841 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972 | Vendor Advisory | |
cve@mitre.org | http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml | Not Applicable | |
cve@mitre.org | http://www.securityfocus.com/archive/1/491075/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29022 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3841 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/491075/100/0/threaded | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:-:*:*:*:*:*:*", "matchCriteriaId": "19386DED-6408-4847-99D8-6F81D7FE19FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak1:*:*:*:*:*:*", "matchCriteriaId": "23EC0378-B132-42CA-96DD-D619ED43A05A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak10:*:*:*:*:*:*", "matchCriteriaId": "5B327E56-B3E5-4B07-AE82-495810B6900B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak11:*:*:*:*:*:*", "matchCriteriaId": "4293077A-4B50-4FEC-8207-EEDCC6033116", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak12:*:*:*:*:*:*", "matchCriteriaId": "7D460D0D-FAFC-4853-B038-986AF1F1E397", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak13:*:*:*:*:*:*", "matchCriteriaId": "3E820357-5155-47BE-8208-8518D2583860", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak14:*:*:*:*:*:*", "matchCriteriaId": "73D0B6FA-A20B-4727-B121-6A5A702018D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak15:*:*:*:*:*:*", "matchCriteriaId": "E5F03532-D08E-4EF8-BF16-B3918F468F02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak2:*:*:*:*:*:*", "matchCriteriaId": "751E6CF3-8636-4D41-9E45-2F05BB0AF464", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak3:*:*:*:*:*:*", "matchCriteriaId": "AD43F7F3-8E3B-4403-8FAF-6119056209D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak4:*:*:*:*:*:*", "matchCriteriaId": "5FF90CBD-D93B-4DC9-B0EC-DDF2C379ABB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak5:*:*:*:*:*:*", "matchCriteriaId": "650850D8-9362-4BDF-8B3A-39AAB590C58A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak6:*:*:*:*:*:*", "matchCriteriaId": "F96DDBB5-746D-43C5-980E-884461756F32", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak6a:*:*:*:*:*:*", "matchCriteriaId": "5D400C0F-98E9-4FF9-816E-291826EBC38A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak6b:*:*:*:*:*:*", "matchCriteriaId": "7232D973-A512-41AF-BE16-9601A9DF5507", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak6c:*:*:*:*:*:*", "matchCriteriaId": "7D442CF9-BC39-4A4B-A375-CFDF8799BA40", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak7:*:*:*:*:*:*", "matchCriteriaId": "42551089-19BF-4DB4-8E5F-E06D5A915275", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak7a:*:*:*:*:*:*", "matchCriteriaId": "FB262F52-C896-4F7B-BA7C-6EFAE800199F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak7b:*:*:*:*:*:*", "matchCriteriaId": "00805878-F85D-4947-98C1-ABD15F2B49DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak8:*:*:*:*:*:*", "matchCriteriaId": "2A355BEC-4334-4ED1-9E39-4D112F7C770D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak8a:*:*:*:*:*:*", "matchCriteriaId": "8920EDF4-8FFD-4207-8F9D-E33C50025642", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak9:*:*:*:*:*:*", "matchCriteriaId": "0F4F1D2C-DAC5-4B6E-A9C1-8E939E90E764", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fixpak9a:*:*:*:*:*:*", "matchCriteriaId": "D3F31C8D-74FF-4B8D-A857-03608E07F7D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:-:*:*:*:*:*:*", "matchCriteriaId": "5F16B9B1-7B1C-499A-BD5B-537D4E97B95F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:-:*:*:*:*:*:*", "matchCriteriaId": "76FB7626-3E88-4FFC-BCAB-85965E49B3F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el procedimiento ADMIN_SP_C2 de IBM DB2 8 anterior a FP16, 9.1 anterior a FP4a, y 9.5 anterior a FP1; permite a usuarios autenticados en remoto ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores desconocidos. NOTA: la vulnerabilidad de ADMIN_SP_C ya fue tratada en CVE-2008-0699." 
} ], "id": "CVE-2008-1997", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-28T20:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/29022" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://securityreason.com/securityalert/3841" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/29022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://securityreason.com/securityalert/3841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/491075/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 05:32
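Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (psirt@us.ibm.com, Secondary)
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)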
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/178960 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6242332 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/178960 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6242332 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E94B9A7-5DF7-4F52-B87F-094A50010F79", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a un desbordamiento del b\u00fafer, causado por una comprobaci\u00f3n de l\u00edmites inapropiada que podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario en el sistema con privilegios root. 
IBM X-Force ID: 178960" } ], "id": "CVE-2020-4363", "lastModified": "2024-11-21T05:32:38.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-01T15:15:14.627", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242332" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6242332" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/245918 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010567 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/245918 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010567 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918." 
} ], "id": "CVE-2023-23487", "lastModified": "2024-11-21T07:46:17.087", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:49.317", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245918" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010567" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-10 16:29
Modified
2024-11-21 03:59
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016505 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041231 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140972 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016505 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041231 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140972 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared 
library. IBM X-Force ID: 140972." }, { "lang": "es", "value": "Los binarios IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 cargan bibliotecas compartidas de una ruta no fiable que puede otorgar a usuarios con pocos privilegios acceso total a la cuenta de la instancia DB2 mediante la carga de una biblioteca compartida maliciosa. IBM X-Force ID: 140972." } ], "id": "CVE-2018-1487", "lastModified": "2024-11-21T03:59:54.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2018-07-10T16:29:00.597", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016505" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041231" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140972" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-426" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-03 21:00
Modified
2025-04-09 00:30
Severity ?
4.3 (Medium) - CVSS 2.0 AV:N/AC:M/Au:N/C:N/I:N/A:P (nvd@nist.gov, Primary)
Summary
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/35235 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/35171 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35235 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35171 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation 
token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32." }, { "lang": "es", "value": "El componente DRDA Services en IBM DB2 v9.1 anterior a FP7 y v9.5 anterior a FP4, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una direcci\u00f3n IPv6 en el testigo de correlaci\u00f3n en la cadena APPID, como se ha demostrado enviando una cadena APPID por el controlador de terceros DataDirect JDBC v3.7.32." } ], "id": "CVE-2009-1906", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-03T21:00:00.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35235" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35235" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35171" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:59
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (nvd@nist.gov, Primary)
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22016181 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041004 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140046 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22016181 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041004 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140046 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podr\u00eda permitir a un usuario local sobrescribir archivos arbitrarios pertenecientes al propietario de la instancia del DB2. IBM X-Force ID: 140046." } ], "id": "CVE-2018-1451", "lastModified": "2024-11-21T03:59:50.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-25T14:29:00.543", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041004" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.ibm.com/support/docview.wss?uid=swg22016181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140046" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-22 12:29
Modified
2024-11-21 03:59
Severity ?
6.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013756 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/103536 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041012 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/139072 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013756 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103536 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041012 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/139072 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072." 
}, { "lang": "es", "value": "IBM GSKit (IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1) contiene diversas variables de entorno que podr\u00edan ser desbordadas por un atacante y provocar una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 139072." } ], "id": "CVE-2018-1427", "lastModified": "2024-11-21T03:59:47.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-22T12:29:00.610", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103536" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041012" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139072" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-22 12:29
Modified
2024-11-21 03:59
Severity ?
7.7 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22014388 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/103535 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140043 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22014388 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103535 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140043 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podr\u00eda permitir a un usuario local sobrescribir archivos arbitrarios pertenecientes al propietario de la instancia del DB2. IBM X-Force ID: 140043." } ], "id": "CVE-2018-1448", "lastModified": "2024-11-21T03:59:50.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-22T12:29:00.737", "references": [
{ "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014388" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103535" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140043" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/37759 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62625 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/37332 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3520 | Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/55007 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37759 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC62625 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21293566 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21412902 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37332 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3520 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/55007 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to \"remote exploits.\"" }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en el paquete de procedimientos de almacenado en el componente Spatial Extender en IBM DB2 v9.5 anterior a FP5, tiene un impacto y vectores de ataque desconocidos. Relacionado con \"exploits remotos\"." 
} ], "id": "CVE-2009-4335", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-16T18:30:00.610", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC62625" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC62625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55007" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-12 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/62092 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21690891 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21693197 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/71730 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1034572 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/98685 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62092 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21690891 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21693197 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71730 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034572 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/98685 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7 | |
ibm | db2 | 9.8 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements." }, { "lang": "es", "value": "IBM DB2 9.7 hasta FP10, 9.8 hasta FP5, 10.1 hasta FP4, y 10.5 anterior a FP5 en Linux, UNIX, y Windows permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante la especificaci\u00f3n de la misma columna dentro de m\u00faltiples declaraciones ALTER TABLE." 
} ], "id": "CVE-2014-6210", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-12T16:59:01.427", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/62092" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/71730" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1034572" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934" },
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-20 10:41
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://osvdb.org/86414 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21450666 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21614536 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/56133 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/86414 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21450666 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21614536 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56133 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la infraestructura SQL/PSM (alias SQL Persistent Stored Module) Stored Procedure (SP) en IBM DB2 v9.1, v9.5, v9.7 antes de FP7, v9.8, y v10.1, podr\u00eda permitir a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n depurando un procedimiento almacenado." } ], "id": "CVE-2012-4826", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-20T10:41:27.383", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/86414" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21450666" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614536" }, { "source": "psirt@us.ibm.com", "url": 
"http://www.securityfocus.com/bid/56133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/86414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21450666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56133" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2025-02-13 17:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/253439 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/253439 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230731-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010557 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439." 
} ], "id": "CVE-2023-30449", "lastModified": "2025-02-13T17:16:24.540", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:52.273", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253439" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230731-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010557" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2025-04-09 00:30
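Severity ?
No CVSS v3 rating appears in this entry; the NVD record below carries only a CVSS v2 base score of 10.0 (HIGH, AV:N/AC:L/Au:N/C:C/I:C/A:C) with acInsufInfo set to true, and the description gives the impact and attack vectors as unknown, so the score should be read as a rating made on incomplete information.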
Summary
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/31787 | ||
cve@mitre.org | http://secunia.com/advisories/32368 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22306 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg27013892 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2893 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/46021 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31787 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32368 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22306 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg27013892 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2893 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/46021 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp16:*:*:*:*:*:*", "matchCriteriaId": "8A94F484-424C-4DF3-9327-95CFC7B4A83E", "versionEndIncluding": "8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:fp5:*:*:*:*:*:*", "matchCriteriaId": "F9BA9539-3A77-4C6B-9FA3-51BB55645AB2", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:fp1:*:*:*:*:*:*", "matchCriteriaId": "DED8AD3B-99A5-4531-8762-A80B22B05C3C", "versionEndIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*", "matchCriteriaId": "72FA9A16-8AFD-4D93-95B4-EAB6E6030D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*", "matchCriteriaId": "BB299EAB-31AA-4BAA-B477-0F909A8418AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*", "matchCriteriaId": "6FD22E1E-F5BC-45D5-98F4-EDEE87D718F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4a:*:*:*:*:*:*", "matchCriteriaId": 
"1CA96F81-E7BD-4BEB-9B4F-6CEA95B57742", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*", "matchCriteriaId": "222C1B84-0C28-451F-BB02-4CB925263312", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*", "matchCriteriaId": "08177181-660C-4BF4-9031-74EE89297CE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6a:*:*:*:*:*:*", "matchCriteriaId": "AB51AF7F-6D09-4EEE-AE8E-E6CCF06C28E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6b:*:*:*:*:*:*", "matchCriteriaId": "64BC5E59-361E-4343-9BB9-9772D47E57B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6c:*:*:*:*:*:*", "matchCriteriaId": "A2E1FC49-96AF-4933-BBE8-71DAEAEDD855", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*", "matchCriteriaId": "0B5FF14E-2971-4F3F-AD25-D00B0FEDA08F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7a:*:*:*:*:*:*", "matchCriteriaId": "56B7F547-3519-4A12-AB65-C1768153A7DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7b:*:*:*:*:*:*", "matchCriteriaId": "FE9D14B8-5B4E-4D27-88B9-EBAC46D8282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*", "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8a:*:*:*:*:*:*", "matchCriteriaId": "6669F847-ED6A-422F-85F7-DAF9B0159F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*", "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9a:*:*:*:*:*:*", "matchCriteriaId": "E8D354AD-995D-4FC8-A7C4-7860549A1634", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors." }, { "lang": "es", "value": "El componente Native Managed Provider para .NET en IBM DB2 v8 anterior a FP17, v9.1 anterior a FP6, y v9.5 anterior a FP2, cuando un \"definer\" no puede mantener objetos, conserva las vistas (Views) y los disparadores (triggers) sin se\u00f1alarlos como desactivados/no operativos para su ejecuci\u00f3n, lo que tiene un impacto y vectores de ataque desconocidos." 
} ], "id": "CVE-2008-4692", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-22T18:00:01.347", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31787" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32368" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22306" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32368" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46021" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-03 21:00
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch | |
cve@mitre.org | http://secunia.com/advisories/31787 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21318189 | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/35408 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/51108 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31787 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21318189 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35408 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/51108 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp16:*:*:*:*:*:*", "matchCriteriaId": "E0252A93-49D5-4C5E-B774-8400526CA813", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el servidor DAS en IBM DB2 v8 anterior a la FP17, v9.1 anterior a la FP5 y v9.5 anterior a FP2, podr\u00eda permitir a atacantes ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados. Vulnerabilidad distinta de CVE-2007-3676 y CVE-2008-3853." } ], "id": "CVE-2008-6821", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-03T21:00:00.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31787" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35408" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51108" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613 | Vendor Advisory | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function." 
}, { "lang": "es", "value": "La implementaci\u00f3n de Net Search Extender (NSE) en el componente de b\u00fasqueda de texto en IBM DB2 UDB v9.5 antes de FP6a no controla correctamente una b\u00fasqueda alfanum\u00e9rica difusa, lo que permite causar a usuarios remotos autenticados una denegaci\u00f3n de servicio (por consumo de memoria excesivo y consiguiente bloqueo del sistema) a trav\u00e9s de la funci\u00f3n db2ext.textSearch." } ], "id": "CVE-2010-3740", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-05T18:00:33.520", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2025-04-09 00:30
Severity ?
Summary
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/32368 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg27013892 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2893 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/46022 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32368 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg27013892 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2893 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/46022 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp5:*:*:*:*:*:*", "matchCriteriaId": "F9BA9539-3A77-4C6B-9FA3-51BB55645AB2", "versionEndIncluding": "9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:fp1:*:*:*:*:*:*", "matchCriteriaId": "DED8AD3B-99A5-4531-8762-A80B22B05C3C", "versionEndIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading \"PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES.\"" }, { "lang": "es", "value": "El componente SORT/LIST SERVICES en IBM DB2 v9.1 anterior a FP6 y v9.5 anterior a FP2 escribe informaci\u00f3n sensible en la salida del trazado 
(trace), lo que permite a atacantes obtener informaci\u00f3n sensible mediante la lectura de \"PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES.\"" } ], "id": "CVE-2008-4693", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-22T18:00:01.363", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32368" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46022" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-01 23:15
Modified
2025-08-12 01:23
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232336 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE61D247-9415-41E8-8458-149709B70E0F", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows 12.1.0 y 12.1.1 es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." 
} ], "id": "CVE-2024-52903", "lastModified": "2025-08-12T01:23:31.393", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-01T23:15:50.317", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7232336" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-17 17:15
Modified
2024-11-21 07:27
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/241676 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6953763 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/241676 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6953763 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nIBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted \u0027Load\u0027 command. 
IBM X-Force ID: 241676.\n\n" }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows 11.1 y 11.5 puede ser vulnerable a una denegaci\u00f3n de servicio al ejecutar un comando \"Cargar\" especialmente manipulado. ID de IBM X-Force: 241676." } ], "id": "CVE-2022-43929", "lastModified": "2024-11-21T07:27:22.510", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-17T17:15:11.423", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241676" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6953763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6953763" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-29 20:15
Modified
2025-06-09 18:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7235069 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "DB12E021-90D2-456A-8538-109B4B4E937A", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "6DC85F9D-CD17-472B-B413-088145588214", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D396078C-3A43-4D93-9BBB-D68652D2C59B", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A9058600-75B6-4228-9B77-C6DAF915F158", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "A7C9B6A1-749A-4388-AC61-318F79DB4519", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C7DD6EFE-C2DA-42BC-931C-4C347F49BE72", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "685E5B9C-F82E-4BF5-84D2-709CA5FB7F3A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "41FD572B-97C2-4734-BCE7-2F9D59D38C22", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "21C731C8-8712-4B60-852E-70B5EB61C43A", "versionEndIncluding": "12.1.1", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for 
Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.1.0 a 11.1.4.7, 11.5.0 a 11.5.9 y 12.1.0 a 12.1.1 es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." } ], "id": "CVE-2024-49350", "lastModified": "2025-06-09T18:59:11.143", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-29T20:15:25.213", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7235069" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": 
"CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-19 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/36313 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ34149 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg24024075 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/2293 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36313 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ34149 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg24024075 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2293 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 | |
ibm | db2 | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:fp17:*:*:*:*:*:*", "matchCriteriaId": "00D40BBF-DAC1-4C6D-806B-B04C88F237F7", "versionEndIncluding": "8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2418C923-2F94-4FAF-A9BD-D1C436308C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp10:*:*:*:*:*:*", "matchCriteriaId": "18D59696-A477-4397-BC14-4EF69DAFA262", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp11:*:*:*:*:*:*", "matchCriteriaId": "BBABCAC8-0E04-44FC-BF1A-88CACB28E644", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp12:*:*:*:*:*:*", "matchCriteriaId": "AC318EEC-AFE5-4070-8711-B6560143CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*", "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*", "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp15:*:*:*:*:*:*", "matchCriteriaId": "1F878C22-6294-4DFD-AFA4-1094644D15F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp17a:*:*:*:*:*:*", "matchCriteriaId": "F2799A9D-1BAC-491A-B36B-A124C44D9EBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "8AEBA7BD-E897-438E-8DD5-7AB5490AB931", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "BAA746B2-AC20-49D3-B8C6-655C268CB253", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "0FEC5C8E-9B3E-457F-8871-1EB172DBA7FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "A8DA176E-1AD6-4524-9931-0165263D4E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "AC4145E1-A805-4E64-904C-03B0B13BADBB", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:db2:8.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "281B0499-11FD-4B99-B402-B44B609469E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "81AB9705-2397-4218-9529-E0DAF3196DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6b:*:*:*:*:*:*", "matchCriteriaId": "2CB197BE-6C4B-4081-8643-3CC3D2FDDB28", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6c:*:*:*:*:*:*", "matchCriteriaId": "53C13821-A069-41B8-AECD-8562E22F37D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "385C934A-4374-491C-8A61-EBCC5E72AF24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "F7A4B9D8-D8FE-4204-8D09-1C69B9676F4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "286E4585-57F7-428D-B9C2-63B33FA2BF5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp8a:*:*:*:*:*:*", "matchCriteriaId": "E5F0F22B-EEA3-43B3-A600-53A471F32E5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp9:*:*:*:*:*:*", "matchCriteriaId": "E89ACCE1-873B-4C4A-A64B-F344F96C2C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.1:fp9a:*:*:*:*:*:*", "matchCriteriaId": "1B5437F4-8DD4-4539-A40A-63C5E2C8CF48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command." }, { "lang": "es", "value": "IBM DB2 v8.1 anterior a FP18 permite a atacantes obtener acceso sin especificar a trav\u00e9s del comando \"das\"." 
} ], "id": "CVE-2009-2859", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-19T17:30:01.217", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36313" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ34149" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ34149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2009/2293" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-14 16:29
Modified
2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with the TRUNCATE function. IBM X-Force ID: 154032.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10788089 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/106222 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/154032 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10788089 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106222 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/154032 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows 11.1 (incluye DB2 Connect Server) contiene una vulnerabilidad de denegaci\u00f3n de servicio (DoS). Un usuario DB2 remoto autenticado podr\u00eda explotar esta vulnerabilidad enviando una instrucci\u00f3n SELECT especialmente manipulada con la funci\u00f3n TRUNCATE. IBM X-Force ID: 154032." 
} ], "id": "CVE-2018-1977", "lastModified": "2024-11-21T04:00:41.153", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-14T16:29:00.283", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10788089" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106222" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" 
], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10788089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154032" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:00
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 154069.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/154069 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107398 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/154069 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10740413 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows, en sus versiones 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server), es vulnerable a un desbordamiento de b\u00fafer, lo que podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en el sistema como root. IBM X-Force ID: 154069." } ], "id": "CVE-2018-1978", "lastModified": "2024-11-21T04:00:41.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-11T22:29:00.657", "references": [ { "source": 
"psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154069" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10740413" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-14 18:15
Modified
2024-08-23 18:57
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/292639 | Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7165342 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:aix:*:*", "matchCriteriaId": "E4F1DA7C-F286-4E96-9565-14A22BD0913E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:linux:*:*", "matchCriteriaId": "835DA345-5656-47D4-90CB-BA587A08EB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:windows:*:*", "matchCriteriaId": "740E1DBE-9CA0-4B4D-A65B-D1489045E413", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*", "matchCriteriaId": "BF166FF8-275F-4F7A-8912-904FBF34575A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*", "matchCriteriaId": "28B24349-AA13-44EE-9BA7-DB0F4ACC5D00", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*", "matchCriteriaId": "E5730D11-E218-4F31-8089-C378B8CC4D9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639." }, { "lang": "es", "value": " IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio con una consulta especialmente manipulada debido a una asignaci\u00f3n de memoria incorrecta. ID de IBM X-Force: 292639." 
} ], "id": "CVE-2024-35152", "lastModified": "2024-08-23T18:57:54.717", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-14T18:15:12.030", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292639" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7165342" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-21 11:28
Modified
2025-04-09 00:30
Severity ?
Summary
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/34024 | ||
cve@mitre.org | http://secunia.com/advisories/24213 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/22614 | ||
cve@mitre.org | http://www.securitytracker.com/id?1017665 | ||
cve@mitre.org | http://www.securitytracker.com/id?1017695 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/0652 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/34024 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24213 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22614 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017665 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017695 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0652 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.0:*:linux:*:*:*:*:*", "matchCriteriaId": "E71912F5-60DE-4FC0-93D4-041005382F9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.0:*:unix:*:*:*:*:*", "matchCriteriaId": "A4753AAC-1BD4-402C-BC51-A81BBB21DF56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file." }, { "lang": "es", "value": "Ciertos binarios setuid DB2 en IBM DB2 anterior a 9 Fix Pack 2 para Linux y Unix permite a usuarios locales sobrescribir ficheros mediante un ataque de enlaces simb\u00f3licos (symlink attack) en el fichero temporal DB2DIAG.LOG." } ], "id": "CVE-2007-1027", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-21T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/34024" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24213" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22614" }, { "source": "cve@mitre.org", "url": 
"http://www.securitytracker.com/id?1017665" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017695" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0652" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-29 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/58478 | ||
cve@mitre.org | http://secunia.com/advisories/36890 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50074 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50078 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50079 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21386689 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21403619 | ||
cve@mitre.org | http://www.securityfocus.com/bid/36540 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/58478 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36890 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50078 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50079 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21386689 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21403619 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36540 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 8.0 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp16:*:*:*:*:*:*", "matchCriteriaId": "E0252A93-49D5-4C5E-B774-8400526CA813", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp17:*:*:*:*:*:*", "matchCriteriaId": "4EC433D0-58E3-4744-BAB4-421BC5C3F04C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*", "matchCriteriaId": "72FA9A16-8AFD-4D93-95B4-EAB6E6030D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*", "matchCriteriaId": "BB299EAB-31AA-4BAA-B477-0F909A8418AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*", "matchCriteriaId": "6FD22E1E-F5BC-45D5-98F4-EDEE87D718F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*", "matchCriteriaId": "222C1B84-0C28-451F-BB02-4CB925263312", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*", "matchCriteriaId": "08177181-660C-4BF4-9031-74EE89297CE5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*", "matchCriteriaId": "0B5FF14E-2971-4F3F-AD25-D00B0FEDA08F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*", "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*", "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and 
update, insert, or delete table rows, via unspecified vectors." }, { "lang": "es", "value": "IBM DB2 8 anterior a FP18, v9.1 anterior a FP8, y v9.5 anterior a FP4 permite a usuarios remotos autenticados eludir las restricciones de acceso, y actualizar, insertar o eliminar filas de la tabla, a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2009-3472", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-29T21:30:00.360", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/58478" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36890" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50074" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50078" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50079" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/58478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/36890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36540" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-12 18:15
Modified
2024-11-21 09:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/285246 | VDB Entry | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7156847 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/285246 | VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7156847 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con una consulta especialmente manipulada bajo ciertas condiciones. ID de IBM X-Force: 285246." 
} ], "id": "CVE-2024-28762", "lastModified": "2024-11-21T09:06:55.017", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-06-12T18:15:11.267", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285246" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7156847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7156847" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-24 19:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191945 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6466367 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191945 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6466367 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5, podr\u00eda permitir a un usuario autentificado sobrescribir archivos arbitrarios debido a permisos de grupo inapropiados. 
IBM X-Force ID: 191945" } ], "id": "CVE-2020-4945", "lastModified": "2024-11-21T05:33:27.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-24T19:15:08.347", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191945" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466367" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-19 16:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with root privileges.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/187078 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6370025 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/187078 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6370025 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges." 
}, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 10.5, 11.1 y 11.5, es vulnerable a un desbordamiento del b\u00fafer, causado por una comprobaci\u00f3n inapropiada de l\u00edmites que podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario en el sistema con privilegios root" } ], "id": "CVE-2020-4701", "lastModified": "2024-11-21T05:33:08.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2020-11-19T16:15:10.987", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187078" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6370025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6370025" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-18 16:04
Modified
2025-04-11 00:51
Severity ?
Summary
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21660046 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/64334 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/88365 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21660046 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/64334 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/88365 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.8 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2_connect | 9.5 | |
ibm | db2_connect | 9.7 | |
ibm | db2_connect | 9.8 | |
ibm | db2_connect | 10.1 | |
ibm | db2_connect | 10.5 | |
ibm | db2_purescale_feature_9.8 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CDD816C-7070-4118-845E-6205FE130A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "A174260C-45A3-4DE3-8B2C-82416196FFF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-:*:-:db2_enterprise_edition:*:*", "matchCriteriaId": "1D4080BB-DBF0-4125-B0D6-6CF217703045", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors." 
}, { "lang": "es", "value": "La librer\u00eda XSLT en IBM DB2 y DB2 Connect 9.5 hasta 10.5, y DB2 pureScale Feature 9.8 para Enterprise Server Edition, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-5466", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-18T16:04:33.647", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/64334" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-28 19:15
Modified
2024-11-21 07:50
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service because the server may crash when an out-of-memory condition occurs while using the DBMS_OUTPUT module. IBM X-Force ID: 247868.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/247868 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985669 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/247868 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985669 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868." 
} ], "id": "CVE-2023-26022", "lastModified": "2024-11-21T07:50:36.797", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-28T19:15:16.787", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247868" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985669" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-02 10:35
Modified
2025-04-11 00:51
Severity ?
Summary
The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94434 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94939 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21650231 | Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/86092 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94434 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC94939 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21650231 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/86092 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data." }, { "lang": "es", "value": "Fast Communications Manager (FCM) en IBM DB2 Enterprise Server Edition y Advanced Enterprise Server Edition 10.1 anterior a la versi\u00f3n FP3 y 10.5, cuando se utiliza una configuraci\u00f3n de varios nodos, permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores que involucren datos arbitrarios." 
} ], "id": "CVE-2013-4032", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-02T10:35:39.023", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94434" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94939" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650231" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC94939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86092" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-24 19:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition involving a symbolic link. IBM X-Force ID: 190909.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190909 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6466363 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190909 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210720-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6466363 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versi\u00f3n 11.5, podr\u00eda permitir a un usuario local acceder y cambiar la configuraci\u00f3n de Db2 debido a una condici\u00f3n de carrera de un enlace simb\u00f3lico,. 
IBM X-Force ID: 190909" } ], "id": "CVE-2020-4885", "lastModified": "2024-11-21T05:33:22.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-24T19:15:08.310", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190909" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6466363" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-20 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21588100 | Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/73493 | ||
psirt@us.ibm.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21588100 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/73493 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 | |
ibm | db2 | 9.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*", "matchCriteriaId": "10456C00-127D-46FE-82A4-D567AB19F87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "E476599E-7087-4442-AED5-61DC1CA1F374", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "93F5745A-219B-48F6-95E9-85B4E516FA94", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "matchCriteriaId": "786B3F51-46A3-4A4C-A549-B80BA27EE3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "matchCriteriaId": "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "matchCriteriaId": "CC8D88E5-7942-4F21-B0BA-7D23F4537117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*", "matchCriteriaId": "D7A42A22-D615-4D60-8FC4-61CDF727FD54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:fp3:*:*:*:*:*:*", "matchCriteriaId": "601CABF7-997C-4828-9292-99FFBF603F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:fp4:*:*:*:*:*:*", "matchCriteriaId": "B5133944-390D-4CEF-86EB-587A5D27F940", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements." 
}, { "lang": "es", "value": "IBM DB2 v9.5 anteriores a vFP9, v9.7 hasta vFP5, y v9.8 hasta vFP4 no comprueban las variables de forma adecuada, lo que permite a usuarios remotos autenticados evitar las restricciones de visionado de datos de tablas, mediante la elevaci\u00f3n del privilegio CREATEIN al ejecutar sentencias SQL CREATE VARIABLE manipuladas." } ], "id": "CVE-2012-0709", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-20T20:55:01.147", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588100" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73493" }, { "source": "psirt@us.ibm.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-22 19:15
Modified
2024-11-21 08:36
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow a user authenticated to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/273393 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240307-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105506 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/273393 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105506 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | aix | - | |
ibm | linux_on_ibm_z | - | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C382D744-D189-4F7D-B896-52C1B87F8C06", "versionEndExcluding": "11.5.9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5 bajo ciertas circunstancias podr\u00eda permitir que un usuario autenticado en la base de datos provoque una denegaci\u00f3n de servicio cuando se ejecuta una declaraci\u00f3n en tablas de columnas. ID de IBM X-Force: 273393." 
} ], "id": "CVE-2023-50308", "lastModified": "2024-11-21T08:36:50.020", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-22T19:15:09.003", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273393" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240307-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7105506" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-24 17:15
Modified
2024-11-21 06:46
Severity ?
Summary
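IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. [Note: the X-Force reference URLs listed for this entry use ID 221970, so the ID quoted in this description appears to carry an extra digit; use the reference URL when looking up the advisory.]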
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/221970 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20220729-0007/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6598047 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/221970 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220729-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6598047 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede terminar de forma anormal cuando son ejecutadas sentencias SQL especialmente dise\u00f1adas por un usuario autenticado. 
IBM X-Force ID: 2219740" } ], "id": "CVE-2022-22389", "lastModified": "2024-11-21T06:46:44.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-24T17:15:08.520", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6598047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6598047" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-28 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/343804 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/8989 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/343804 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8989 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFF280E6-CF00-4B71-B58A-2087D339C665", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de cadena de formato en IBM Universal Database 8.1 puede permitir a usuarios locales ejecutar c\u00f3digo arbitrario mediante ciertos argumentos de l\u00ednea de comando a (1) db2start, (2) db2stop, or (3) db2govd." } ], "id": "CVE-2003-1051", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-28T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/343804" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8989" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/343804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192469 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20210409-0003/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6427859 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192469 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210409-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6427859 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
netapp | oncommand_insight | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD327F40-DAD7-44C3-9E98-B742595FE95F", "versionEndExcluding": "11.1.4.6", "versionStartIncluding": "11.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3A4627A-DD08-4ECA-854C-F38CC6799C32", "versionEndExcluding": "11.5.5.0", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:-:*:*:*:*:*:*", "matchCriteriaId": "77E2A7AA-6BEC-4796-8F9C-B9761445203F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp10:*:*:*:*:*:*", "matchCriteriaId": "DDB6647C-7CF0-474F-94C8-F5C7F6EE0DA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "matchCriteriaId": "786B3F51-46A3-4A4C-A549-B80BA27EE3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "matchCriteriaId": "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "matchCriteriaId": "CC8D88E5-7942-4F21-B0BA-7D23F4537117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*", "matchCriteriaId": "D7A42A22-D615-4D60-8FC4-61CDF727FD54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp6:*:*:*:*:*:*", "matchCriteriaId": "8614A1E4-F2B2-4D76-B0A4-4D2C210BC6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp7:*:*:*:*:*:*", "matchCriteriaId": "BEBA2C16-A984-4DA3-953E-A3F29884ED09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp8:*:*:*:*:*:*", "matchCriteriaId": "7B4337FD-3E56-482A-B27B-079901B07226", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.7:fp9:*:*:*:*:*:*", "matchCriteriaId": "F1DE50F8-6817-4C72-95BA-A81268F52E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp9a:*:*:*:*:*:*", "matchCriteriaId": "BCF253DE-A7BD-4626-8CA4-63CBF527A4A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:-:*:*:*:*:*:*", "matchCriteriaId": "22019513-E605-4245-B031-05D8B0C8E3C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "71959DD4-A6DF-40CC-A1D4-4211C292D9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "AE96DEA7-95B8-487C-9ADC-ABD29942DEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "0D5B31BE-FE9D-4D12-945E-3870BB46CDF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "14A3CD2D-6CE7-40AC-B3A2-F515D08A9A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "A5466AD6-FE18-4778-9D6C-212347ECFFE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "282E708B-2FE3-4B1C-9DFC-C3BD164F3F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": 
"3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podr\u00edan permitir a un usuario local leer y escribir archivos espec\u00edficos debido a permisos de archivo d\u00e9biles. 
IBM X-Force ID: 192469" } ], "id": "CVE-2020-4976", "lastModified": "2024-11-21T05:33:29.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-11T16:15:12.737", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192469" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6427859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210409-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6427859" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-02 22:19
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/24387 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711 | Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1IY87492 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/22729 | ||
cve@mitre.org | http://www.securitytracker.com/id?1017731 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24387 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1IY87492 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22729 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017731 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "64D7ACC0-4CF4-4B60-902C-C47DFCD097A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*", "matchCriteriaId": "55ABF9A3-7776-4C0B-A6CC-45955E42DA1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*", "matchCriteriaId": "9DF77950-22DE-4BA2-A10F-10953F6119E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*", "matchCriteriaId": "57F66472-61EC-4467-ACF6-2893BF9E4050", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*", "matchCriteriaId": "403EF6EC-9EEF-40F1-BA5C-F6211AADC9A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*", "matchCriteriaId": "2CE8E119-58C7-4BF0-9C74-93F44E4FC732", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*", "matchCriteriaId": "2F16D689-D091-47AA-96EC-6B419D4A6CD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFF280E6-CF00-4B71-B58A-2087D339C665", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "E26817B0-D685-41C6-8049-0EA752BD3950", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the \"fenced\" user to access certain unauthorized directories." }, { "lang": "es", "value": "IBM DB2 UDB 8.2 anterior a ixpak 7 (tambi\u00e9n conocido como fixpack 14), y DB2 9 anterior a Fix Pack 2, sobre UNIX permite al usuario \"cercano\" acceder a ciertos directorios no autorizados." 
} ], "id": "CVE-2007-1228", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 2.7, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-02T22:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24387" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY87492" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22729" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY87492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017731" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-27 13:15
Modified
2024-11-21 07:56
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/251991 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985687 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/251991 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230511-0010/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985687 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | * | |
ibm | db2 | * | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
ibm | db2 | 11.1.4 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991." 
} ], "id": "CVE-2023-29255", "lastModified": "2024-11-21T07:56:45.623", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-27T13:15:09.053", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251991" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230511-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985687" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:53
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249517 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230803-0006/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010029 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249517 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230803-0006/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010029 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517." 
} ], "id": "CVE-2023-27869", "lastModified": "2024-11-21T07:53:36.557", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:50.187", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-94" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-13 21:15
Modified
2024-11-21 06:46
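Severity
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N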
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/225979 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20230921-0004/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6618779 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/225979 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230921-0004/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6618779 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.5 | |
ibm | db2 | 11.5 | |
ibm | db2 | 11.5 | |
hp | hp-ux | - | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:linux:*:*", "matchCriteriaId": "B086C74D-FD81-4032-9F70-290CE183B0E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:unix:*:*", "matchCriteriaId": "78D395FE-473A-44D1-A2E5-451111B36255", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": "316E63FD-A22E-42DC-BF9F-DA0B932C3384", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:linux:*:*", "matchCriteriaId": "719EC236-1B9A-4D32-AE10-E092AA0673FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:unix:*:*", "matchCriteriaId": "837A367A-5376-402B-8584-F1D93392AC04", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:windows:*:*", "matchCriteriaId": "34F92819-22F3-451A-94D8-1112D426BD17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una divulgaci\u00f3n de informaci\u00f3n en algunos escenarios debido a un acceso no autorizado causado por una administraci\u00f3n de privilegios inapropiada cuando es usado el comando CREATE OR REPLACE. 
IBM X-Force ID: 225979" } ], "id": "CVE-2022-22483", "lastModified": "2024-11-21T06:46:52.733", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-13T21:15:09.107", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230921-0004/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6618779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230921-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6618779" } ], "sourceIdentifier": "psirt@us.ibm.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-31 22:00
Modified
2025-04-11 00:51
Severity
5.0 (Medium) - CVSS v2: AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/41218 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/2225 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/61446 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41218 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2225 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61446 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
microsoft | windows_server_2008 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*", "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in IBM DB2 9.1 before 
FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving \"special group and user enumeration.\"" }, { "lang": "es", "value": "Vulnerabilidad sin especificar en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 en Windows Server 2008 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (trampa) a trav\u00e9s de vectores involucrados \"Grupo especial y enumeraci\u00f3n de usuarios\" (\"special group and user enumeration\")." } ], "id": "CVE-2010-3195", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-08-31T22:00:02.640", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41218" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": 
"cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61446" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14647" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } 
], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-31 22:00
Modified
2025-04-11 00:51
Severity
7.5 (High) - CVSS v2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://secunia.com/advisories/41218 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749 | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/2225 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/61445 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13841 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41218 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2225 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61445 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13841 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] 
}, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner." 
}, { "lang": "es", "value": "El programa DB2DART en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 permite a atacantes evitar las restricciones de los ficheros de acceso previstas a trav\u00e9s de vectores sin especificar relacionados con con la sobreescritura de ficheros propietarios por una instancia propietaria." } ], "id": "CVE-2010-3194", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-08-31T22:00:02.593", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41218" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2010/2225" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61445" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13841" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-22 12:29
Modified
2024-11-21 03:22
Severity ?
7.4 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012896 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/103422 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1041227 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/133999 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012896 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103422 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041227 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/133999 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. 
IBM X-Force ID: 133999." }, { "lang": "es", "value": "IBM Data Server Driver para JDBC y SQLJ (IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1) deserializa el contenido de /tmp/connlicj.bin, lo que conduce a una inyecci\u00f3n de objetos y a una potencial ejecuci\u00f3n de c\u00f3digo arbitrario dependiendo del classpath. IBM X-Force ID: 133999." } ], "id": "CVE-2017-1677", "lastModified": "2024-11-21T03:22:12.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-22T12:29:00.377", 
"references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012896" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103422" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1041227" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103422" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1041227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133999" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 23:15
Modified
2024-11-21 08:19
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/263575 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0007/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047261 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/263575 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047261 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469", "versionEndIncluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a la Denegaci\u00f3n de Servicio con una declaraci\u00f3n de consulta especialmente manipulada. ID de IBM X-Force: 263575." 
} ], "id": "CVE-2023-40374", "lastModified": "2024-11-21T08:19:19.480", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T23:15:10.243", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047261" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-20 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21902661 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/75908 | ||
psirt@us.ibm.com | http://www.securitytracker.com/id/1033063 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21902661 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75908 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033063 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "3D9E7D2A-42B9-4D07-A107-BBD839E59858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "FD27164C-7554-46E1-B755-27C74D2EC3B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F199F7B4-F273-4D45-AE08-7B5DAE6E0794", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "matchCriteriaId": "ACEB3F4A-6411-4456-9B89-A43562189BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "matchCriteriaId": "1749B7DC-08BB-474B-BA5A-52602459C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "025FA405-0FD2-4B19-8FA4-15581085BD15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "F425C545-39CD-483C-97A3-BE0DC3EE63DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A6A7680-D883-414F-965B-1D6136760CA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "matchCriteriaId": "76107CFE-EB32-4AF6-9AF9-F16238F9C671", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "matchCriteriaId": "7D1225B0-DBFF-4A13-93CB-1B64AF9ACE47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "2ECC11D3-7D77-4823-8B34-DD76E131D74C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "E1D36687-32AF-43E2-97D9-FDF602F89318", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD80ADF4-35D3-4534-AACD-C00D80870723", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "matchCriteriaId": "8D274B00-C986-4A5D-94B2-79F4A613D951", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "matchCriteriaId": "67A935CA-7AF6-4DA9-958E-DF4BC8E2B3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "matchCriteriaId": "A6B1A4DC-7062-4349-8D1A-3DE4B0E68FC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "matchCriteriaId": "B3681F43-F23B-413D-B871-A40821F4988B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AE645126-ECD0-40FB-B2BA-5C9EF33EBE69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "matchCriteriaId": "9AFEA656-426C-4F18-9737-8985531C7A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "matchCriteriaId": "09B0333F-0E27-40B3-A0DC-618BEA97CBC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad en la implementaci\u00f3n de la funci\u00f3n escalar en IBM DB2 9.7 a trav\u00e9s de FP10, 9.8 a trav\u00e9s de FP5, 10.1 anterior a FP5 y 10.5 a trav\u00e9s de FP5 en Linux, UNIX y Windows, permite a usuarios atacantes causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2015-1935", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-07-20T01:59:06.017", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/75908" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1033063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75908" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033063" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-17" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184 | Vendor Advisory | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery." 
}, { "lang": "es", "value": "El componente Security en IBM DB2 UDB v9.5 anterior a FP6a registra eventos usando valores USERID y AUTHID correspondientes a la instancia del usuario propietario en vez de usarlos con la instancia de la cuenta de usuario logueado, lo que facilita a usuarios autenticados remotamente la ejecuci\u00f3n de comandos de administraci\u00f3n Audit." } ], "id": "CVE-2010-3738", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-05T18:00:33.440", "references": [ { "source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-04 00:15
Modified
2024-11-21 08:19
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/264807 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7087157 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/264807 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240119-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7087157 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1, 11.5 es vulnerable a la denegaci\u00f3n de servicio en condiciones de estr\u00e9s extremo. ID de IBM X-Force: 264807." 
} ], "id": "CVE-2023-40692", "lastModified": "2024-11-21T08:19:58.837", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-04T00:15:07.000", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264807" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7087157" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-400" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-16 21:15
Modified
2024-11-21 08:14
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
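IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. Note: the published description repeats "11.5"; the NVD configuration data in this record lists Db2 11.1.4 (base release through FP6) and 11.5 before 11.5.8 as vulnerable, so match installed versions against that CPE list rather than the summary text.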
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/261616 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0005/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047489 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/261616 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047489 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53", "versionEndExcluding": "11.5.8", "versionStartIncluding": "11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. 
IBM X-Force ID: 261616." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 y 11.5 es vulnerable a la Denegaci\u00f3n de Servicio con una declaraci\u00f3n ALTER TABLE especialmente manipulada. ID de IBM X-Force: 261616." } ], "id": "CVE-2023-38720", "lastModified": "2024-11-21T08:14:06.880", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-16T21:15:10.720", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0005/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047489" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 00:15
Modified
2024-11-21 08:14
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/261607 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20231116-0008/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047558 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/261607 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231116-0008/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047558 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "5512DD6A-9E57-4741-8F66-1C7AC7C6B593", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607." }, { "lang": "es", "value": "IBM Db2 11.5 podr\u00eda permitir que un usuario local con privilegios especiales provoque una Denegaci\u00f3n de Servicio durante la desactivaci\u00f3n de la base de datos en DPF. ID de IBM X-Force: 261607." 
} ], "id": "CVE-2023-38719", "lastModified": "2024-11-21T08:14:06.727", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T00:15:10.797", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0008/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0008/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047558" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-03 21:00
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch, Vendor Advisory | |
cve@mitre.org | http://osvdb.org/48147 | ||
cve@mitre.org | http://secunia.com/advisories/31787 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143 | Patch, Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21318189 | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/35409 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/51105 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/48147 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31787 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21318189 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35409 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/51105 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*", "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*", "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*", "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*", "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*", "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*", "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:8.0:fp16:*:*:*:*:*:*", "matchCriteriaId": "E0252A93-49D5-4C5E-B774-8400526CA813", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls." }, { "lang": "es", "value": "IBM DB2 v8 anterior a FP17, v9.1 anterior a FP5 y v9.5 anterior a FP2, ofrece un procedimiento INSTALL_JAR (tambi\u00e9n conocido como sqlj.install_jar), lo que permite a usuarios autenticados remotamente crear o sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de llamadas sin especificar." } ], "id": "CVE-2008-2154", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-03T21:00:00.187", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/48147" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31787" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983" }, { "source": "cve@mitre.org", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35409" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/48147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51105" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-03 13:16
Modified
2025-01-31 17:17
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/278547 | Third Party Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240517-0003/ | Third Party Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7145722 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/278547 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240517-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7145722 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a la denegaci\u00f3n de servicio cuando se consulta una funci\u00f3n integrada UDF espec\u00edfica de forma simult\u00e1nea. ID de IBM X-Force: 278547." 
} ], "id": "CVE-2023-52296", "lastModified": "2025-01-31T17:17:35.783", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-04-03T13:16:00.360", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/278547" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0003/" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/278547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240517-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7145722" } ], "sourceIdentifier": 
"psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-20 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21588093 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/77826 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/73495 | ||
psirt@us.ibm.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21588093 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77826 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/73495 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.1 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.5 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | db2 | 9.7 | |
ibm | aix | * | |
linux | linux_kernel | * | |
sun | sunos | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp10:*:*:*:*:*:*", "matchCriteriaId": "59E6D578-4727-4AA3-9313-97D9775AC41E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp11:*:*:*:*:*:*", "matchCriteriaId": "AC28AABC-88E8-480B-9A3B-D58B7B7EFC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.1:fp9:*:*:*:*:*:*", "matchCriteriaId": "8C26F7EA-4A39-4244-87C9-397AE1C4B34C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*", "matchCriteriaId": 
"10456C00-127D-46FE-82A4-D567AB19F87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*", "matchCriteriaId": "E476599E-7087-4442-AED5-61DC1CA1F374", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*", "matchCriteriaId": "93F5745A-219B-48F6-95E9-85B4E516FA94", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "matchCriteriaId": "786B3F51-46A3-4A4C-A549-B80BA27EE3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "matchCriteriaId": "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "matchCriteriaId": "CC8D88E5-7942-4F21-B0BA-7D23F4537117", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*", "matchCriteriaId": "D7A42A22-D615-4D60-8FC4-61CDF727FD54", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*", "matchCriteriaId": "11AEFEC9-5DB4-44CB-977D-6561DC1680C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 
before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow." }, { "lang": "es", "value": "Un error de entero sin signo en el proceso db2dasrrm del servidor de administraci\u00f3n de DB2 (DAS) en IBM DB2 v9.1 hasta FP11, v9.5 antes de vFP9, y v9.7 hasta FP5 para UNIX permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una solicitud modificada a mano que ocasiona un desbordamiento del b\u00fafer basado en memoria din\u00e1mica." } ], "id": "CVE-2012-0711", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-20T20:55:01.320", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588093" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/77826" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73495" }, { "source": "psirt@us.ibm.com", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/77826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-18 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05933 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05936 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05937 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05938 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05939 | ||
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21692358 | ||
psirt@us.ibm.com | http://www.securityfocus.com/bid/71734 | ||
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/99110 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05933 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05936 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05937 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05938 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT05939 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21692358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71734 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/99110 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query." }, { "lang": "es", "value": "IBM DB2 9.5 hasta FP10, 9.7 hasta FP10, 9.8 hasta FP5, 10.1 hasta FP4 y 10.5 anterior a FP5 permiten a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una petici\u00f3n XML manipulada." 
} ], "id": "CVE-2014-8901", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-18T16:59:18.770", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05933" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05936" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05937" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05938" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05939" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692358" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/71734" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IT05938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99110" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-09-20 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/68122 | ||
cve@mitre.org | http://secunia.com/advisories/41444 | Vendor Advisory | |
cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406 | ||
cve@mitre.org | http://www.ibm.com/support/docview.wss?uid=swg21446455 | ||
cve@mitre.org | http://www.securityfocus.com/bid/43291 | ||
cve@mitre.org | http://www.securitytracker.com/id?1024458 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2010/2425 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/61873 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/68122 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41444 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21446455 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/43291 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024458 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2425 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61873 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement." }, { "lang": "es", "value": "IBM DB2 v9.7 anteriores a FP3 no aplican correctamente los requisitos de privilegio para la ejecuci\u00f3n de las entradas en la cach\u00e9 din\u00e1mica SQL, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso previstas al aprovechar la cach\u00e9 para ejecutar una instrucci\u00f3n UPDATE contenida en una sentencia SQL compuesta compilada." 
} ], "id": "CVE-2010-3475", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-09-20T22:00:04.347", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/68122" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41444" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406" }, { "source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/43291" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024458" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61873" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ibm.com/support/docview.wss?uid=swg21446455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/43291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }