Lucene search

[email protected]NVD:CVE-2005-4871

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4871

2005-12-3105:00:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.016

Percentile

87.7%

JSON

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

Affected configurations

Nvd

Node

ibmdb2Match8.1

VendorProductVersionCPE
ibmdb28.1cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	8.1	cpe:2.3:a:ibm:db2:8.1:::::::*

References

marc.info/?l=bugtraq&m=110495620513954&w=2

secunia.com/advisories/12733/

www.ngssoftware.com/advisories/db205012005I.txt

www.securityfocus.com/bid/12170

exchange.xforce.ibmcloud.com/vulnerabilities/18761

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.016

Percentile

87.7%

JSON

Related for NVD:CVE-2005-4871

cve1 cvelist1 nessus1