CVE-2016-0215

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2016-0215
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21979986 Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise_server:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise_server:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:connect_unlimited:system_z:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise_server:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:connect_unlimited:system_z:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise_server:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup_server:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:connect_application_server:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup_server:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise_server:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup_server:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:connect_application_server:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:connect_enterprise:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:connect_unlimited:system_i:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:connect_unlimited:system_i:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup_server:*:*:*
cpe:2.3:a:ibm:db2:10.1:*:*:*:connect_enterprise:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:connect_unlimited:system_z:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise_server:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup_server:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:connect_application_server:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:connect_enterprise:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:connect_unlimited:system_i:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup_server:*:*:*
OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise_server:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Information

Published : 2018-01-16 11:29

Updated : 2018-02-05 12:12

NVD link : CVE-2016-0215

Mitre link : CVE-2016-0215

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

ibm

  • db2
  • aix

microsoft

  • windows

hp

  • hp-ux

linux

  • linux_kernel

oracle

  • solaris