CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
66.2%
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | db2 | 9.7 | cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:* |
ibm | db2 | 9.7 | cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:* |
ibm | db2 | 9.7 | cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:* |
ibm | db2 | 9.7 | cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:* |
ibm | db2 | 9.7 | cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:* |
ibm | db2 | 9.8 | cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:* |
ibm | db2 | 9.8 | cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:* |
ibm | db2 | 9.8 | cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:* |
ibm | db2 | 9.8 | cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:* |
ibm | db2 | 9.8 | cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:* |
www-01.ibm.com/support/docview.wss?uid=swg1IT06353
www-01.ibm.com/support/docview.wss?uid=swg1IT06354
www-01.ibm.com/support/docview.wss?uid=swg1IT06355
www-01.ibm.com/support/docview.wss?uid=swg1IT06356
www-01.ibm.com/support/docview.wss?uid=swg21697988
www.securityfocus.com/bid/75949
www.securitytracker.com/id/1032883