CVE-2010-2090

EPSS 1.34%
Published 27.05.2010 19:30:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Communications Server Version6.1.3

Microsoft ≫ Windows

Ibm ≫ Communications Server Version6.3.1.0

Microsoft ≫ Windows

Ibm ≫ Communications Server Version6.1.3

Ibm ≫ Aix

Ibm ≫ Communications Server Version6.3.1.0

Ibm ≫ Aix

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.34%	0.782

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/39909

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810

http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026

http://www-01.ibm.com/support/docview.wss?uid=swg24013012

http://www.securityfocus.com/bid/40372

http://www.vupen.com/english/advisories/2010/1244

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/58874

https://nvd.nist.gov/vuln/detail/CVE-2010-2090

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2090

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2090

EUVD