Lucene search

K
nessusTenable9196.PRM
HistoryApr 15, 2016 - 12:00 a.m.

IBM DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities

2016-04-1500:00:00
Tenable
www.tenable.com
14

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.013

Percentile

85.7%

Versions of IBM DB2 9.8 earlier than Fix Pack 5 are potentially affected by multiple issues :

  • A flaw exists in relational data services that is due to privileges persisting when they’re removed from users. This may allow attackers to execute non-DDL statements after their privileges have been revoked.
  • A flaw exists that is triggered when Self Tuning Memory Manager (STMM) is enabled and DATABASE_MEMORY is set to AUTOMATIC. This may allow a local attacker to potentially cause a crash.
  • An authorized user with ‘CONNECT’ privileges from ‘PUBLIC’ can cause a denial of service via unspecified methods related to DB2’s XML feature. (CVE-2012-0712)
  • An unspecified information disclosure vulnerability exists related to the XML feature that can allow improper access to arbitrary XML files. (CVE-2012-0713)
  • An error exists related to the Distributed RelationalDatabase Architecture (DRDA) that can allow denial of service conditions when processing certain request. (CVE-2012-2180)
Binary data 9196.prm

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.013

Percentile

85.7%