6

CVE-2008-2154

IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Version8.0 Updatefp1
IbmDb2 Version8.0 Updatefp10
IbmDb2 Version8.0 Updatefp11
IbmDb2 Version8.0 Updatefp12
IbmDb2 Version8.0 Updatefp13
IbmDb2 Version8.0 Updatefp14
IbmDb2 Version8.0 Updatefp15
IbmDb2 Version8.0 Updatefp16
IbmDb2 Version9.1 Updatefp1
IbmDb2 Version9.1 Updatefp2
IbmDb2 Version9.1 Updatefp3
IbmDb2 Version9.1 Updatefp3a
IbmDb2 Version9.1 Updatefp4
IbmDb2 Version9.1 Updatefp4a
IbmDb2 Version9.5 Updatefp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.34% 0.677
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
Patch
Vendor Advisory
http://secunia.com/advisories/31787
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21318189
Patch
http://osvdb.org/48147
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35409
https://exchange.xforce.ibmcloud.com/vulnerabilities/51105