Lucene search

[email protected]CVE-2013-3475

HistoryJun 05, 2013 - 3:43 a.m.

CVE-2013-3475

2013-06-0503:43:48

CWE-119

[email protected]

web.nvd.nist.gov

293

cve

2013

3475

buffer overflow

ibm

db2

nvd

security vulnerability

smart analytics system 7600

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.

Affected configurations

NVD

Node

ibmdb2Match9.1

ibmdb2Match9.5

ibmdb2Match9.7

ibmdb2Match9.8

ibmdb2Match10.1

ibmdb2_connectMatch9.1

ibmdb2_connectMatch9.5

ibmdb2_connectMatch9.7

ibmdb2_connectMatch9.8

ibmdb2_connectMatch10.1

ibmsmart_analytics_system_7600Match-

CPENameOperatorVersion
ibm:db2ibm db2eq9.1
ibm:db2ibm db2eq9.5
ibm:db2ibm db2eq9.7
ibm:db2ibm db2eq9.8
ibm:db2ibm db2eq10.1
ibm:db2_connectibm db2 connecteq9.1
ibm:db2_connectibm db2 connecteq9.5
ibm:db2_connectibm db2 connecteq9.7
ibm:db2_connectibm db2 connecteq9.8
ibm:db2_connectibm db2 connecteq10.1

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.1
ibm:db2	ibm db2	eq	9.5
ibm:db2	ibm db2	eq	9.7
ibm:db2	ibm db2	eq	9.8
ibm:db2	ibm db2	eq	10.1
ibm:db2_connect	ibm db2 connect	eq	9.1
ibm:db2_connect	ibm db2 connect	eq	9.5
ibm:db2_connect	ibm db2 connect	eq	9.7
ibm:db2_connect	ibm db2 connect	eq	9.8
ibm:db2_connect	ibm db2 connect	eq	10.1