4

CVE-2011-4890

The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSoliddb Version <= 6.5.0.8
IbmSoliddb Version6.5.0.0
IbmSoliddb Version6.5.0.1
IbmSoliddb Version6.5.0.2
IbmSoliddb Version6.5.0.3
IbmSoliddb Version6.5.0.4
IbmSoliddb Version6.5.0.5
IbmSoliddb Version6.5.0.6
IbmSoliddb Version6.5.0.7
IbmSoliddb Version7.0.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.12% 0.795
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/47654
http://www-01.ibm.com/support/docview.wss?uid=swg1IC79861
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80675
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27021052#if5
http://www.ibm.com/support/docview.wss?uid=swg27021052
http://www.securityfocus.com/bid/51629
http://www.securitytracker.com/id?1026555
https://exchange.xforce.ibmcloud.com/vulnerabilities/72651