PT-2015-4117 · IBM · IBM Db2

Published: 2015-07-20 · Updated: 2017-09-22 · CVE-2014-8910

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM DB2 versions 9.7 through 9.7 FP10

IBM DB2 versions 9.8 through 9.8 FP5

IBM DB2 versions 10.1 through 10.1 FP4

IBM DB2 versions 10.5 through 10.5 FP5

Description

The issue allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.

Recommendations

For IBM DB2 version 9.7, update to at least FP11.

For IBM DB2 version 9.8, update to at least FP6.

For IBM DB2 version 10.1, update to at least FP5.

For IBM DB2 version 10.5, update to at least FP6.

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2014-8910

Affected Products

IBM Db2