CVE-2014-0919

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552
http://www-01.ibm.com/support/docview.wss?uid=swg21698021	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553
http://www.securitytracker.com/id/1032247
http://www.securityfocus.com/bid/74217

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2:9.7::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7::::enterprise:::
	cpe:2.3:a:ibm:db2:9.8::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:10.1::::express:::
	cpe:2.3:a:ibm:db2:10.5::::enterprise:::
	cpe:2.3:a:ibm:db2:10.5::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:10.5::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.5::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7::::express:::
	cpe:2.3:a:ibm:db2:9.8::::enterprise:::
	cpe:2.3:a:ibm:db2:9.8::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:10.1::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:10.1::::enterprise:::
	cpe:2.3:a:ibm:db2:10.5::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.5::::enterprise:::
	cpe:2.3:a:ibm:db2:9.5::::express:::
	cpe:2.3:a:ibm:db2:10.5::::express:::
	cpe:2.3:a:ibm:db2:10.1::::workgroup:::
	cpe:2.3:a:ibm:db2:9.8::::workgroup:::
	cpe:2.3:a:ibm:db2:9.5::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.5::::workgroup:::
	cpe:2.3:a:ibm:db2:9.8::::express:::
	cpe:2.3:a:ibm:db2:9.7::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:10.1::::advanced_workgroup:::

Information

Published : 2015-05-07 18:59

Updated : 2016-11-28 11:10

NVD link : CVE-2014-0919

Mitre link : CVE-2014-0919

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

ibm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547", "name": "IT07547", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552", "name": "IT07552", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698021", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397", "name": "IT07397", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554", "name": "IT07554", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553", "name": "IT07553", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.securitytracker.com/id/1032247", "name": "1032247", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/74217", "name": "74217", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0919", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-05-08T01:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-11-28T19:10Z"}

4.0 /10