9

CVE-2008-1997

Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Version8.0 Update-
IbmDb2 Version8.0 Updatefixpak1
IbmDb2 Version8.0 Updatefixpak10
IbmDb2 Version8.0 Updatefixpak11
IbmDb2 Version8.0 Updatefixpak12
IbmDb2 Version8.0 Updatefixpak13
IbmDb2 Version8.0 Updatefixpak14
IbmDb2 Version8.0 Updatefixpak15
IbmDb2 Version8.0 Updatefixpak2
IbmDb2 Version8.0 Updatefixpak3
IbmDb2 Version8.0 Updatefixpak4
IbmDb2 Version8.0 Updatefixpak5
IbmDb2 Version8.0 Updatefixpak6
IbmDb2 Version8.0 Updatefixpak6a
IbmDb2 Version8.0 Updatefixpak6b
IbmDb2 Version8.0 Updatefixpak6c
IbmDb2 Version8.0 Updatefixpak7
IbmDb2 Version8.0 Updatefixpak7a
IbmDb2 Version8.0 Updatefixpak7b
IbmDb2 Version8.0 Updatefixpak8
IbmDb2 Version8.0 Updatefixpak8a
IbmDb2 Version8.0 Updatefixpak9
IbmDb2 Version8.0 Updatefixpak9a
IbmDb2 Version9.1 Update-
IbmDb2 Version9.1 Updatefp1
IbmDb2 Version9.1 Updatefp2
IbmDb2 Version9.1 Updatefp2a
IbmDb2 Version9.1 Updatefp3
IbmDb2 Version9.1 Updatefp3a
IbmDb2 Version9.1 Updatefp4
IbmDb2 Version9.5 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.88% 0.85
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://securityreason.com/securityalert/3841
Third Party Advisory
Issue Tracking