CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
66.2%
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5
through FP5 on Linux, UNIX, and Windows allows remote authenticated users
to read arbitrary text files via a crafted XML/XSLT function in a SELECT
statement.
Author | Note |
---|---|
sbeattie | DB2 is in the partner archive for the 12.04 LTS release |
www-01.ibm.com/support/docview.wss?uid=swg1IT06353
www-01.ibm.com/support/docview.wss?uid=swg1IT06354
www-01.ibm.com/support/docview.wss?uid=swg1IT06355
www-01.ibm.com/support/docview.wss?uid=swg1IT06356
www-01.ibm.com/support/docview.wss?uid=swg21697988
launchpad.net/bugs/cve/CVE-2014-8910
nvd.nist.gov/vuln/detail/CVE-2014-8910
security-tracker.debian.org/tracker/CVE-2014-8910
www.cve.org/CVERecord?id=CVE-2014-8910