CVE-2013-5466

2013-12-1816:04:33

[email protected]

web.nvd.nist.gov

278

ibm

db2

xslt

library

vulnerability

cve-2013-5466

denial of service

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON

The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.

Affected configurations

NVD

Node

ibmdb2Match9.5

ibmdb2Match9.7

ibmdb2Match9.8

ibmdb2Match10.1

ibmdb2Match10.5

ibmdb2_connectMatch9.5

ibmdb2_connectMatch9.7

ibmdb2_connectMatch9.8

ibmdb2_connectMatch10.1

ibmdb2_connectMatch10.5

ibmdb2_purescale_feature_9.8Match----db2_enterprise_edition

CPENameOperatorVersion
ibm:db2ibm db2eq9.5
ibm:db2ibm db2eq9.7
ibm:db2ibm db2eq9.8
ibm:db2ibm db2eq10.1
ibm:db2ibm db2eq10.5
ibm:db2_connectibm db2 connecteq9.5
ibm:db2_connectibm db2 connecteq9.7
ibm:db2_connectibm db2 connecteq9.8
ibm:db2_connectibm db2 connecteq10.1
ibm:db2_connectibm db2 connecteq10.5

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.5
ibm:db2	ibm db2	eq	9.7
ibm:db2	ibm db2	eq	9.8
ibm:db2	ibm db2	eq	10.1
ibm:db2	ibm db2	eq	10.5
ibm:db2_connect	ibm db2 connect	eq	9.5
ibm:db2_connect	ibm db2 connect	eq	9.7
ibm:db2_connect	ibm db2 connect	eq	9.8
ibm:db2_connect	ibm db2 connect	eq	10.1
ibm:db2_connect	ibm db2 connect	eq	10.5