CVE-2014-0919

Current Description

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.

Basic Data

Published: May 08, 2015
Last Modified: November 28, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.0
Severity: MEDIUM
Exploitability Score: 8.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
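    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ibm | Db2 | 9.5 | * | * | * | advanced_enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.5 | * | * | * | advanced_workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.5 | * | * | * | enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.5 | * | * | * | express | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.5 | * | * | * | workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.7 | * | * | * | advanced_enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.7 | * | * | * | advanced_workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.7 | * | * | * | enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.7 | * | * | * | express | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.7 | * | * | * | workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.8 | * | * | * | advanced_enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.8 | * | * | * | advanced_workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.8 | * | * | * | enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.8 | * | * | * | express | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 9.8 | * | * | * | workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.1 | * | * | * | advanced_enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.1 | * | * | * | advanced_workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.1 | * | * | * | enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.1 | * | * | * | express | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.1 | * | * | * | workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.5 | * | * | * | advanced_enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.5 | * | * | * | advanced_workgroup | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.5 | * | * | * | enterprise | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.5 | * | * | * | express | * | * | * | | | | |
    | 2.3 | Application | Ibm | Db2 | 10.5 | * | * | * | workgroup | * | * | * | | | | |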

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 10.1, 10.5, 9.5, 9.7, 9.8 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 74217 | BID | http://www.securityfocus.com/bid/74217 | |
| 1032247 | SECTRACK | http://www.securitytracker.com/id/1032247 | |
| IT07397 | AIXAPAR | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397 | |
| IT07547 | AIXAPAR | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547 | |
| IT07552 | AIXAPAR | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552 | |
| IT07553 | AIXAPAR | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553 | |
| IT07554 | AIXAPAR | http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21698021 | CONFIRM | http://www-01.ibm.com/support/docview.wss?uid=swg21698021 | PATCH Vendor Advisory |