4

CVE-2014-8910

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.

Data is provided by the National Vulnerability Database (NVD)
IbmDb2 Version9.7 SwEditionadvanced_enterprise
IbmDb2 Version9.7 SwEditionadvanced_workgroup
IbmDb2 Version9.7 SwEditionenterprise
IbmDb2 Version9.7 SwEditionexpress
IbmDb2 Version9.7 SwEditionworkgroup
IbmDb2 Version9.8 SwEditionadvanced_enterprise
IbmDb2 Version9.8 SwEditionadvanced_workgroup
IbmDb2 Version9.8 SwEditionenterprise
IbmDb2 Version9.8 SwEditionexpress
IbmDb2 Version9.8 SwEditionworkgroup
IbmDb2 Version10.1 SwEditionadvanced_enterprise
IbmDb2 Version10.1 SwEditionadvanced_workgroup
IbmDb2 Version10.1 SwEditionenterprise
IbmDb2 Version10.1 SwEditionexpress
IbmDb2 Version10.1 SwEditionworkgroup
IbmDb2 Version10.5 SwEditionadvanced_enterprise
IbmDb2 Version10.5 SwEditionadvanced_workgroup
IbmDb2 Version10.5 SwEditionenterprise
IbmDb2 Version10.5 SwEditionexpress
IbmDb2 Version10.5 SwEditionworkgroup
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.25% 0.478
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.