CVE-2012-0712

medium

Description

The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450

https://exchange.xforce.ibmcloud.com/vulnerabilities/73496

http://www-01.ibm.com/support/docview.wss?uid=swg21588098

http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837

http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380

http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379

Details

Source: Mitre, NVD

Published: 2012-03-20

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H