CVE-2014-8910

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-8910
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355
http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356
http://www-01.ibm.com/support/docview.wss?uid=swg21697988 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353
http://www.securityfocus.com/bid/75949
http://www.securitytracker.com/id/1032883
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*
cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*
cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*
cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*
cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*
Information

Published : 2015-07-19 18:59

Updated : 2017-09-21 18:29

NVD link : CVE-2014-8910

Mitre link : CVE-2014-8910

JSON object : View

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Advertisement

dedicated server usa
Products Affected

ibm

  • db2