CVE-2013-3475

2013-06-0503:43:48

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.

Affected configurations

Nvd

Node

ibmdb2Match9.1

ibmdb2Match9.5

ibmdb2Match9.7

ibmdb2Match9.8

ibmdb2Match10.1

ibmdb2_connectMatch9.1

ibmdb2_connectMatch9.5

ibmdb2_connectMatch9.7

ibmdb2_connectMatch9.8

ibmdb2_connectMatch10.1

ibmsmart_analytics_system_7600Match-

VendorProductVersionCPE
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
ibmdb29.5cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
ibmdb29.7cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
ibmdb29.8cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
ibmdb210.1cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
ibmdb2_connect9.1cpe:2.3:a:ibm:db2_connect:9.1:*:*:*:*:*:*:*
ibmdb2_connect9.5cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*
ibmdb2_connect9.7cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*
ibmdb2_connect9.8cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*
ibmdb2_connect10.1cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:::::::*
ibm	db2	9.5	cpe:2.3:a:ibm:db2:9.5:::::::*
ibm	db2	9.7	cpe:2.3:a:ibm:db2:9.7:::::::*
ibm	db2	9.8	cpe:2.3:a:ibm:db2:9.8:::::::*
ibm	db2	10.1	cpe:2.3:a:ibm:db2:10.1:::::::*
ibm	db2_connect	9.1	cpe:2.3:a:ibm:db2_connect:9.1:::::::*
ibm	db2_connect	9.5	cpe:2.3:a:ibm:db2_connect:9.5:::::::*
ibm	db2_connect	9.7	cpe:2.3:a:ibm:db2_connect:9.7:::::::*
ibm	db2_connect	9.8	cpe:2.3:a:ibm:db2_connect:9.8:::::::*
ibm	db2_connect	10.1	cpe:2.3:a:ibm:db2_connect:10.1:::::::*