Detections
Analytics
IBM DB2 9.5 < Fix Pack 10 Multiple Vulnerabilities
high Nessus Plugin ID 62629
Language:
Synopsis
The remote database server is affected by multiple vulnerabilities.Description
According to its version, the installation of IBM DB2 9.5 running on the remote host is affected by one or more of the following issues :- An unspecified information disclosure error exists related to the XML feature that can allow improper access to arbitrary XML files. (#IC81461, CVE-2012-0713)
- An error exists related to the stored procedure 'SQLJ.DB2_INSTALL_JAR' that can allow 'JAR' files to be overwritten. Note that this issue only affects Windows hosts. (#IC84711, CVE-2012-2194)
- An error exists related to the stored procedures 'GET_WRAP_CFG_C' and 'GET_WRAP_CFG_C2' that can allow unauthorized access to XML files. (#IC84712, CVE-2012-2196)
- An error exists related to the Java stored procedure infrastructure that can allow stack-based buffer overflows. (#IC84752, CVE-2012-2197)
Solution
Apply IBM DB2 version 9.5 Fix Pack 10 or later.See Also
http://www-01.ibm.com/support/docview.wss?uid=swg24033308
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81461
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
Plugin Details
Severity: High
ID: 62629
File Name: db2_95fp10.nasl
Version: 1.13
Type: remote
Family: Databases
Published: 10/18/2012
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.1
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:db2
Exploit Ease: No known exploits are available
Patch Publication Date: 8/20/2012
Vulnerability Publication Date: 5/31/2012
Reference Information
CVE: CVE-2012-0713, CVE-2012-2194, CVE-2012-2196, CVE-2012-2197