CVE-2013-4033

2013-08-2813:13:58

CWE-264

[email protected]

web.nvd.nist.gov

280

cve-2013-4033

ibm db2

db2 connect

nvd

explain authority

dml statements

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.2%

JSON

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.

Affected configurations

NVD

Node

ibmdb2Match9.7

ibmdb2Match9.8

ibmdb2Match10.1

ibmdb2Match10.5

ibmdb2_connectMatch9.5

ibmdb2_connectMatch9.7

ibmdb2_connectMatch9.8

ibmdb2_connectMatch10.1

ibmdb2_connectMatch10.5

CPENameOperatorVersion
ibm:db2ibm db2eq9.7
ibm:db2ibm db2eq9.8
ibm:db2ibm db2eq10.1
ibm:db2ibm db2eq10.5
ibm:db2_connectibm db2 connecteq9.5
ibm:db2_connectibm db2 connecteq9.7
ibm:db2_connectibm db2 connecteq9.8
ibm:db2_connectibm db2 connecteq10.1
ibm:db2_connectibm db2 connecteq10.5

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.7
ibm:db2	ibm db2	eq	9.8
ibm:db2	ibm db2	eq	10.1
ibm:db2	ibm db2	eq	10.5
ibm:db2_connect	ibm db2 connect	eq	9.5
ibm:db2_connect	ibm db2 connect	eq	9.7
ibm:db2_connect	ibm db2 connect	eq	9.8
ibm:db2_connect	ibm db2 connect	eq	10.1
ibm:db2_connect	ibm db2 connect	eq	10.5