Lucene search

IbmCVE-2014-8901

HistoryDec 18, 2014 - 4:59 p.m.

CVE-2014-8901

2014-12-1816:59:18

CWE-399

ibm

web.nvd.nist.gov

ibm

db2

fp10

security

vulnerability

xml

denial of service

cve-2014-8901

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.007

Percentile

81.2%

JSON

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.

Affected configurations

Nvd

Node

ibmdb2Match9.5

ibmdb2Match9.7

ibmdb2Match9.8

ibmdb2Match10.1

ibmdb2Match10.5

VendorProductVersionCPE
ibmdb29.5cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
ibmdb29.7cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
ibmdb29.8cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
ibmdb210.1cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
ibmdb210.5cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.5	cpe:2.3:a:ibm:db2:9.5:::::::*
ibm	db2	9.7	cpe:2.3:a:ibm:db2:9.7:::::::*
ibm	db2	9.8	cpe:2.3:a:ibm:db2:9.8:::::::*
ibm	db2	10.1	cpe:2.3:a:ibm:db2:10.1:::::::*
ibm	db2	10.5	cpe:2.3:a:ibm:db2:10.5:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IT05933

www-01.ibm.com/support/docview.wss?uid=swg1IT05936

www-01.ibm.com/support/docview.wss?uid=swg1IT05937

www-01.ibm.com/support/docview.wss?uid=swg1IT05938

www-01.ibm.com/support/docview.wss?uid=swg1IT05939

www-01.ibm.com/support/docview.wss?uid=swg21692358

www.securityfocus.com/bid/71734

exchange.xforce.ibmcloud.com/vulnerabilities/99110

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.007

Percentile

81.2%

JSON

Related for CVE-2014-8901