Tenable9199.PRMIBM DB2 10.1 < Fix Pack 5 / 10.5 < Fix Pack 6 Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:P/I:P/A:C
EPSS
Percentile
94.1%
Versions of IBM DB2 10.1 earlier than Fix Pack 5 or 10.5 earlier than Fix Pack 6 are potentially affected by multiple issues :
- A flaw exists that is triggered during the handling of SELECT statements with XML/XSLT function. This may allow an attacker to gain access to arbitrary files. (CVE-2014-8910)
- A flaw exists that is triggered during the handling of SQL statements with unspecified Scalar Functions. This may allow an authenticated remote attacker to cause a denial of service. (CVE-2015-0157)
- A flaw exists in the automated maintenance feature. The issue occurs when an authenticated DB2 user with elevated privileges manipulates an automated maintenance policy stored procedure, which can result in disclosing arbitrary files owned by the DB2 fenced ID on UNIX/Linux or administrator on Windows. (CVE-2015-1883)
- A flaw exists in the Data Movement feature that is triggered when handling a specially crafted query. This may allow an authenticated remote attacker to delete rows from a table without appropriate privileges. (CVE-2015-1922)
- A flaw exists that is triggered during the handling of SQL statements with LUW Scalar Functions. This may allow an authenticated remote attacker to run arbitrary code under the privileges of the DB2 instance owner, or cause a denial of service. (CVE-2015-1935)
Binary data 9199.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1883
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1922
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1935
www-01.ibm.com/support/docview.wss?uid=swg1IT06353
www-01.ibm.com/support/docview.wss?uid=swg1IT06354
www-01.ibm.com/support/docview.wss?uid=swg1IT06355
www-01.ibm.com/support/docview.wss?uid=swg1IT06356
www-01.ibm.com/support/docview.wss?uid=swg1IT08075
www-01.ibm.com/support/docview.wss?uid=swg1IT08080
www-01.ibm.com/support/docview.wss?uid=swg1IT08085
www-01.ibm.com/support/docview.wss?uid=swg1IT08086
www-01.ibm.com/support/docview.wss?uid=swg1IT08523
www-01.ibm.com/support/docview.wss?uid=swg1IT08524
www-01.ibm.com/support/docview.wss?uid=swg1IT08525
www-01.ibm.com/support/docview.wss?uid=swg1IT08543
www-01.ibm.com/support/docview.wss?uid=swg1IT08656
www-01.ibm.com/support/docview.wss?uid=swg1IT08667
www-01.ibm.com/support/docview.wss?uid=swg1IT08668
www-01.ibm.com/support/docview.wss?uid=swg21610582#5
www-01.ibm.com/support/docview.wss?uid=swg21610653#5
www-01.ibm.com/support/docview.wss?uid=swg21633303#6
www-01.ibm.com/support/docview.wss?uid=swg21647054#6
www-01.ibm.com/support/docview.wss?uid=swg21697988
www-01.ibm.com/support/docview.wss?uid=swg21698308
www-01.ibm.com/support/docview.wss?uid=swg21882724
www-01.ibm.com/support/docview.wss?uid=swg21902661
www-01.ibm.com/support/docview.wss?uid=swg21959650
www-01.ibm.com/support/docview.wss?uid=swg21962557
www-01.ibm.com/support/docview.wss?uid=swg21962559
www-01.ibm.com/support/docview.wss?uid=swg21962560
www-01.ibm.com/support/docview.wss?uid=swg21962562
www-01.ibm.com/support/docview.wss?uid=swg21962565
www-01.ibm.com/support/docview.wss?uid=swg21962634
www-01.ibm.com/support/docview.wss?uid=swg21966964
www-01.ibm.com/support/docview.wss?uid=swg21979608
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:P/I:P/A:C
EPSS
Percentile
94.1%