PT-2015-4117 · IBM · IBM DB2
Published: 2015-07-20 · Updated: 2017-09-22 · CVE-2014-8910
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM DB2 versions 9.7 through 9.7 FP10
IBM DB2 versions 9.8 through 9.8 FP5
IBM DB2 versions 10.1 through 10.1 FP4
IBM DB2 versions 10.5 through 10.5 FP5
Description
The issue allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.
Recommendations
For IBM DB2 version 9.7, update to at least FP11.
For IBM DB2 version 9.8, update to at least FP6.
For IBM DB2 version 10.1, update to at least FP5.
For IBM DB2 version 10.5, update to at least FP6.
Fix
Special Elements Injection
Weakness Enumeration
Related identifiers
Affected products
IBM DB2