Lucene search

Ubuntu.comUB:CVE-2014-8910

HistoryJul 20, 2015 - 12:00 a.m.

CVE-2014-8910

2015-07-2000:00:00

ubuntu.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.1%

JSON

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5
through FP5 on Linux, UNIX, and Windows allows remote authenticated users
to read arbitrary text files via a crafted XML/XSLT function in a SELECT
statement.

Notes

Author	Note
sbeattie	DB2 is in the partner archive for the 12.04 LTS release

References

www-01.ibm.com/support/docview.wss?uid=swg1IT06353

www-01.ibm.com/support/docview.wss?uid=swg1IT06354

www-01.ibm.com/support/docview.wss?uid=swg1IT06355

www-01.ibm.com/support/docview.wss?uid=swg1IT06356

www-01.ibm.com/support/docview.wss?uid=swg21697988

launchpad.net/bugs/cve/CVE-2014-8910

nvd.nist.gov/vuln/detail/CVE-2014-8910

security-tracker.debian.org/tracker/CVE-2014-8910

www.cve.org/CVERecord?id=CVE-2014-8910

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.1%

JSON

Related for UB:CVE-2014-8910