CVE-2013-6717

The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762
http://www-01.ibm.com/support/docview.wss?uid=swg21660041	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641
http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738
http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737
http://www.ibm.com/support/docview.wss?uid=swg21659490
http://secunia.com/advisories/56451
https://exchange.xforce.ibmcloud.com/vulnerabilities/89116
http://www.securityfocus.com/bid/64336

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2_connect:9.7:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.7:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.8:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.2:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.3:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.3:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.4:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.8:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.9:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.6:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.1:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.4:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.7:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.6:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.1:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.9:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.2:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7.0.5:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.5:::::::*
	cpe:2.3:a:ibm:db2:9.7:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:db2_connect:9.8:::::::*
	cpe:2.3:a:ibm:db2:9.8:::::::*
	cpe:2.3:a:ibm:db2:9.8.0.5:::::::*
	cpe:2.3:a:ibm:db2:9.8.0.3:::::::*
	cpe:2.3:a:ibm:db2:9.8.0.4:::::::*
	cpe:2.3:a:ibm:db2_connect:9.8.0.3:::::::*
	cpe:2.3:a:ibm:db2_connect:9.8.0.4:::::::*
	cpe:2.3:a:ibm:db2_connect:9.8.0.5:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:ibm:db2_connect:10.5.0.1:::::::*
	cpe:2.3:a:ibm:db2_connect:10.5.0.2:::::::*
	cpe:2.3:a:ibm:db2_connect:10.5:::::::*
	cpe:2.3:a:ibm:db2:10.5:::::::*
	cpe:2.3:a:ibm:db2:10.5.0.1:::::::*
	cpe:2.3:a:ibm:db2:10.5.0.2:::::::*

Configuration 4 (hide)

cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-:*:-:db2_enterprise_edition:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:ibm:db2:10.1.0.2:::::::*
	cpe:2.3:a:ibm:db2:10.1.0.3:::::::*
	cpe:2.3:a:ibm:db2_connect:10.1.0.3:::::::*
	cpe:2.3:a:ibm:db2_connect:10.1:::::::*
	cpe:2.3:a:ibm:db2:10.1:::::::*
	cpe:2.3:a:ibm:db2_connect:10.1.0.1:::::::*
	cpe:2.3:a:ibm:db2_connect:10.1.0.2:::::::*
	cpe:2.3:a:ibm:db2:10.1.0.1:::::::*

Information

Published : 2013-12-19 14:55

Updated : 2018-09-25 03:29

NVD link : CVE-2013-6717

Mitre link : CVE-2013-6717

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

ibm

db2_connect
db2
db2_purescale_feature_9.8

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762", "name": "IC97762", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660041", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660041", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641", "name": "IC95641", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738", "name": "IC97738", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737", "name": "IC97737", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21659490", "name": "http://www.ibm.com/support/docview.wss?uid=swg21659490", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/56451", "name": "56451", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89116", "name": "ibm-db2-cve20136717-dos(89116)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/64336", "name": "64336", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-6717", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-12-19T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.8.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:9.8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-:*:-:db2_enterprise_edition:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-09-25T10:29Z"}

4.0 /10