CVE-2013-6744

high

Description

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89860

http://www.ibm.com/support/docview.wss?uid=swg21673947

http://www.ibm.com/support/docview.wss?uid=swg21610582#4

http://www.ibm.com/support/docview.wss?uid=swg1IC99480

http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481

http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480

http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478

http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849

Details

Source: Mitre, NVD

Published: 2014-05-30

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High