3.5
CVE-2014-3095
- EPSS 2.12%
- Veröffentlicht 04.09.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.12% | 0.795 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/60845
http://secunia.com/advisories/58725
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646
http://www-01.ibm.com/support/docview.wss?uid=swg21681623
http://www-01.ibm.com/support/docview.wss?uid=swg21683297
http://www.securityfocus.com/bid/69546
https://exchange.xforce.ibmcloud.com/vulnerabilities/94263