Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

IBM DB2 UDB Multiple Unspecified Vulnerabilities (Linux)

Information

Severity

Severity

Critical

Family

Family

Databases

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

12 years ago

Modified

Modified

3 years ago

Summary

The host is installed with IBM DB2 and is prone to multiple vulnerabilities.

Insight

Insight

The flaws are due to: - An unspecified error in the Engine Utilities component, causes segmentation fault by modifying the db2ra data stream sent in a request from the load utility. - An unspecified error in 'db2licm' within the Engine Utilities component it has unknown impact and local attack vectors. - An unspecified error in the DRDA Services componenta, causes the server trap by calling a SQL stored procedure in unknown circumstances. - An error in relational data services component, allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. - Multiple unspecified errors in bundled stored procedures in the Spatial Extender component, have unknown impact and remote attack vectors. - An unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component, allows to cause a denial of service (instance crash) by compiling a SQL query

Affected Software

Affected Software

IBM DB2 version 9.5 prior to Fixpak 5

Solution

Solution

Update IBM DB2 9.5 Fixpak 5.