Lucene search
Copyright (C) 2017 Greenbone AGOPENVAS:1361412562310812266HistoryDec 15, 2017 - 12:00 a.m.
IBM Db2 Information Disclosure Vulnerability (Dec 2017)
2017-12-1500:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
14
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
IBM DB2 is prone to an information disclosure vulnerability.
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ibm:db2";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.812266");
script_version("2024-02-20T05:05:48+0000");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2017-12-15 15:59:52 +0530 (Fri, 15 Dec 2017)");
script_tag(name:"cvss_base", value:"2.1");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_cve_id("CVE-2014-4805");
script_name("IBM Db2 Information Disclosure Vulnerability (Dec 2017)");
script_tag(name:"summary", value:"IBM DB2 is prone to an information disclosure vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw exists as during certain
LOAD operations into Columnar Data Engine (CDE) tables, a temporary file
containing user data may be created at the Db2 server. As the file only
exists for the duration of the LOAD operation and is automatically removed
on completion (both success and error), the vulnerability exists only temporarily.");
script_tag(name:"impact", value:"Successful exploitation will allow
attackers to obtain sensitive information that may aid in further attacks.");
script_tag(name:"affected", value:"IBM Db2 10.5 before FP4.");
script_tag(name:"solution", value:"Apply the appropriate fix from reference link");
script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21681723");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/69541");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Databases");
script_dependencies("gb_ibm_db2_consolidation.nasl", "os_detection.nasl");
script_mandatory_keys("ibm/db2/detected", "Host/runs_unixoide");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!version = get_app_version(cpe: CPE, nofork: TRUE))
exit(0);
if (version_in_range(version: version, test_version: "10.5.0", test_version2: "10.5.0.3")) {
report = report_fixed_ver(installed_version: version, fixed_version: "10.5.0.4");
security_message(port: 0, data: report);
exit(0);
}
exit(99);
Related
nvd
nvd
CVE-2014-4805
2014-09-04 10:55:07
prion
prion
Information disclosure
2014-09-04 10:55:00
cvelist
cvelist
CVE-2014-4805
2014-09-04 10:00:00
cve
cve
CVE-2014-4805
2014-09-04 10:55:07
ibm
ibm
nessus
nessus
IBM DB2 10.5 < Fix Pack 4 Multiple Vulnerabilities
2014-09-09 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for OPENVAS:1361412562310812266