CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
78.6%
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:* |
ibm | db2 | 9.5 | cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:* |