Lucene search
HistoryOct 06, 2007 - 9:00 p.m.
CVE-2005-4871
ibm
db2
xml
functions
privilege escalation
cve-2005-4871
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.4%
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
Affected configurations
Node
ibmdb2Match8.1
Related
nvd
nvd
CVE-2005-4871
2005-12-31 05:00:00
cvelist
cvelist
CVE-2005-4871
2007-10-06 21:00:00
nessus
nessus
IBM DB2 < 8 Fix Pack 7a Multiple Vulnerabilities
2004-10-17 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.4%
Related for CVE-2005-4871