Detections
Analytics

CVE-2014-3095

medium

Description

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/94263

http://www.securityfocus.com/bid/69546

http://www-01.ibm.com/support/docview.wss?uid=swg21683297

http://www-01.ibm.com/support/docview.wss?uid=swg21681623

http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646

http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645

http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644

http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643

http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433

http://secunia.com/advisories/60845

http://secunia.com/advisories/58725

Details

Source: Mitre, NVD

Published: 2014-09-04

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium