Lucene search

MitreCVE-2005-4871

HistoryOct 06, 2007 - 9:00 p.m.

CVE-2005-4871

2007-10-0621:00:00

CWE-264

mitre

web.nvd.nist.gov

ibm

db2

xml

functions

privilege escalation

cve-2005-4871

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

High

EPSS

0.016

Percentile

87.7%

JSON

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

Affected configurations

Nvd

Node

ibmdb2Match8.1

VendorProductVersionCPE
ibmdb28.1cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	8.1	cpe:2.3:a:ibm:db2:8.1:::::::*

References

marc.info/?l=bugtraq&m=110495620513954&w=2

secunia.com/advisories/12733/

www.ngssoftware.com/advisories/db205012005I.txt

www.securityfocus.com/bid/12170

exchange.xforce.ibmcloud.com/vulnerabilities/18761

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

High

EPSS

0.016

Percentile

87.7%

JSON

Related for CVE-2005-4871