CVE-2008-1998

Опубликовано: 28 апр. 2008

Источник: nvd

CVSS2: 8.5

EPSS Низкий

Описание

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

Ссылки

http://secunia.com/advisories/29022
Third Party Advisory
http://secunia.com/advisories/29784
Third Party Advisory
http://securityreason.com/securityalert/3840
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776
Vendor Advisory
http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml
Third Party Advisory
http://www.securityfocus.com/archive/1/491073/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/28836
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41960
Third Party Advisory
VDB Entry
http://secunia.com/advisories/29022
Third Party Advisory
http://secunia.com/advisories/29784
Third Party Advisory
http://securityreason.com/securityalert/3840
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776
Vendor Advisory
http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml
Third Party Advisory
http://www.securityfocus.com/archive/1/491073/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/28836
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41960
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp6a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp6b:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp6c:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp7a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp7b:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp8a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:8.0:fp9a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01931

Низкий

8.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-c95g-rpjx-pm4h

github

почти 4 года назад