Lucene search
K
IbmDb2 Connect

17 matches found

CVE
CVE
added 2013/06/05 1:0 a.m.329 views

CVE-2013-3475

CVE-2013-3475 is a local privilege-escalation flaw in the DB2 Audit Facility. The issue affects IBM DB2/DB2 Connect versions 9.1, 9.5, 9.7, 9.8, and 10.1 deployed with IBM Smart Analytics System and related products (e.g., InfoSphere Balanced Warehouse, Balanced Warehouse on C3000/C4000, D5100, a...

7.2CVSS6.7AI score0.00432EPSS
CVE
CVE
added 2013/08/28 10:0 a.m.324 views

CVE-2013-4033

CVE-2013-4033 affects IBM DB2 and DB2 Connect (versions 9.7 FP8, 9.8 FP5, 10.1 FP2, 10.5 FP1). An authenticated user with EXPLAIN authority can temporarily gain SELECT/INSERT/UPDATE/DELETE on a table without DATAACCESS authority, by exploiting EXPLAIN-related privileges. IBM security notices list...

4.6CVSS6.5AI score0.01746EPSS
CVE
CVE
added 2013/12/19 10:0 p.m.318 views

CVE-2013-6717

Summary of CVE-2013-6717 : The IBM DB2 OLAP query engine (affecting DB2 9.7 FP9, 9.8 FP3a/FP4, 10.1 FP3, 10.5 FP2/FP3, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition) contains a vulnerability that could allow a remote, authenticated user to cause a denial of service by terminatin...

4CVSS6.4AI score0.02402EPSS
CVE
CVE
added 2013/12/18 11:0 a.m.309 views

CVE-2013-5466

CVE-2013-5466 affects IBM DB2/DB2 Connect XSLT library, enabling a remote authenticated user to cause a denial of service via unspecified vectors. Affected versions include DB2/DB2 Connect 9.5–10.5 and DB2 pureScale Feature 9.8 for Enterprise Server Edition. Remediation is available: fixes exist ...

4CVSS6.3AI score0.02158EPSS
CVE
CVE
added 2017/06/27 4:0 p.m.83 views

CVE-2017-1297

CVE-2017-1297 affects IBM DB2 for Linux/UNIX/Windows (including DB2 Connect Server). The vulnerability is a stack-based buffer overflow caused by improper bounds checking in the CLP path, which could allow a local attacker to execute arbitrary code. In affected IBM DB2 LUW releases (notably 9.2/1...

7.3CVSS7.3AI score0.01489EPSS
CVE
CVE
added 2012/09/25 8:0 p.m.76 views

CVE-2012-3324

IBM DB2 on Windows (DB2 10.1 and DB2 Connect 10.1) is affected by a directory traversal vulnerability in the UTL_FILE module. The issue arises from how file names are processed, allowing a remote authenticated user to view, modify, or delete arbitrary files outside the intended directory via a cr...

9CVSS8.5AI score0.03565EPSS
CVE
CVE
added 2017/06/27 4:0 p.m.66 views

CVE-2017-1105

IBM DB2 LUW (on Linux/UNIX/Windows, including DB2 Connect Server) is affected by a local buffer overflow (CVE-2017-1105) across multiple tracked releases (9.2, 10.1, 10.5, 11.1). The issue could allow a local user to overwrite DB2 files or cause a denial of service; impact is described as affecte...

7.1CVSS7AI score0.00372EPSS
CVE
CVE
added 2017/09/12 9:0 p.m.66 views

CVE-2017-1434

CVE-2017-1434 (IBM DB2 LUW/DB2 Connect Server) allows a local user to view highly sensitive information in the error log under certain conditions. IBM notes exposure occurs when upgrading Db2 to v11.x fails, writing the connection string in clear to db2diag.log; affected versions include DB2 LUW ...

4.7CVSS5.2AI score0.00337EPSS
CVE
CVE
added 2017/09/12 9:0 p.m.66 views

CVE-2017-1451

IBM DB2 LUW 9.7, 10.1, 10.5, and 11.1 (including DB2 Connect Server) are affected by CVE-2017-1451. A local user with DB2 instance owner privileges could obtain root access due to a privilege-escalation flaw. Affected IBM products include DB2 LUW on Linux/Unix/Windows; several IBM security bullet...

7.8CVSS7.3AI score0.00373EPSS
CVE
CVE
added 2016/10/01 1:0 a.m.62 views

CVE-2016-5995

CVE-2016-5995 affects IBM DB2: Untrusted search path allow local privilege escalation via a Trojan horse library loaded by setuid/setgid binaries. Affected DB2 releases on Linux/AIX/HP-UX include 9.7 FP11, 10.1 FP5, 10.5 before FP8, and 11.1 GA. IBM remediation varies by release (e.g., 9.7 FP11 s...

7.3CVSS7AI score0.00413EPSS
CVE
CVE
added 2016/04/28 1:0 a.m.61 views

CVE-2016-0211

CVE-2016-0211 affects IBM DB2 LUW: remote authenticated users can crash the DB2 server by sending a crafted DRDA message. Impact is a denial of service. Affected products/versions include IBM DB2 LUW on Linux/UNIX/Windows (e.g., DB2 9.7 up to FP11, 9.8, 10.1 up to FP5, 10.5 up to FP7). IBM and re...

4.3CVSS4.4AI score0.02126EPSS
CVE
CVE
added 2017/09/12 9:0 p.m.60 views

CVE-2017-1452

CVE-2017-1452 affects IBM DB2 LUW (Linux/UNIX/Windows) including DB2 Connect Server and allows a local user to escalate privileges and overwrite DB2 files. Affected: DB2 9.7, 10.1, 10.5, 11.1; Windows is noted as not vulnerable in one bulletin. Base score ~6.7 (CVSS v3.0) with local, high-impact ...

7.8CVSS7.3AI score0.00373EPSS
CVE
CVE
added 2017/09/12 9:0 p.m.59 views

CVE-2017-1439

CVE-2017-1439 affects IBM DB2 LUW (DB2 Connect Server) across 9.7, 10.1, 10.5, and 11.1. Description: a local user with DB2 instance owner privileges could obtain root access. Connected IBM advisories confirm vulnerability presence and provide remediation paths: apply fix packs/fixes for each rel...

7.2CVSS6.6AI score0.00379EPSS
CVE
CVE
added 2014/12/12 4:0 p.m.56 views

CVE-2014-6210

CVE-2014-6210 affects IBM DB2 LUW products (e.g., DB2 9.7, 9.8, 10.1, 10.5) where a remote, authenticated user can crash the DB2 server by issuing multiple ALTER TABLE statements on the same column. Root cause: vulnerability in processing ALTER TABLE on identity/specified columns that leads to ab...

4CVSS6.3AI score0.0249EPSS
CVE
CVE
added 2017/09/12 9:0 p.m.56 views

CVE-2017-1520

CVE-2017-1520 affects IBM Db2 9.7, 10.1, 10.5, and 11.1. A local/remote issue allows an unauthorized command to activate the database when authentication type is CLIENT. CVSS v3 base score is 3.7 (low); vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. IBM bulletins document multiple fix-pack remediat...

4.3CVSS5.6AI score0.01305EPSS
CVE
CVE
added 2017/09/12 9:0 p.m.55 views

CVE-2017-1438

CVE-2017-1438 is an IBM DB2 LUW local privilege-escalation vulnerability. Reports indicate a local user with DB2 instance owner privileges could obtain root access on DB2 LUW servers (versions 9.7, 10.1, 10.5, 11.1; includes DB2 Connect Server). Public details describe the underlying issue as a p...

7.2CVSS6.6AI score0.00379EPSS
CVE
CVE
added 2017/09/12 9:0 p.m.55 views

CVE-2017-1519

This CVE-2017-1519 affects IBM DB2 10.5 and 11.1 (including DB2 Connect Server). It is a denial-of-service vulnerability where a remote attacker can disrupt service given a specific configuration. IBM security bulletins specify remediations: apply DB2 fixes FP9 for V10.5 (10.5 FP9) and FP2 for V1...

5.9CVSS6AI score0.01732EPSS