CVE-2013-4033

2013-08-2813:13:58

CWE-264

ibm

web.nvd.nist.gov

287

cve-2013-4033

ibm db2

db2 connect

nvd

explain authority

dml statements

CVSS2

4.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

71.1%

JSON

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.

Affected configurations

Nvd

Node

ibmdb2Match9.7

ibmdb2Match9.8

ibmdb2Match10.1

ibmdb2Match10.5

ibmdb2_connectMatch9.5

ibmdb2_connectMatch9.7

ibmdb2_connectMatch9.8

ibmdb2_connectMatch10.1

ibmdb2_connectMatch10.5

VendorProductVersionCPE
ibmdb29.7cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
ibmdb29.8cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
ibmdb210.1cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
ibmdb210.5cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
ibmdb2_connect9.5cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*
ibmdb2_connect9.7cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*
ibmdb2_connect9.8cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*
ibmdb2_connect10.1cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*
ibmdb2_connect10.5cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.7	cpe:2.3:a:ibm:db2:9.7:::::::*
ibm	db2	9.8	cpe:2.3:a:ibm:db2:9.8:::::::*
ibm	db2	10.1	cpe:2.3:a:ibm:db2:10.1:::::::*
ibm	db2	10.5	cpe:2.3:a:ibm:db2:10.5:::::::*
ibm	db2_connect	9.5	cpe:2.3:a:ibm:db2_connect:9.5:::::::*
ibm	db2_connect	9.7	cpe:2.3:a:ibm:db2_connect:9.7:::::::*
ibm	db2_connect	9.8	cpe:2.3:a:ibm:db2_connect:9.8:::::::*
ibm	db2_connect	10.1	cpe:2.3:a:ibm:db2_connect:10.1:::::::*
ibm	db2_connect	10.5	cpe:2.3:a:ibm:db2_connect:10.5:::::::*