CVE-2017-1520

Опубликовано: 12 сент. 2017

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22007186
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100684
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039308
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/129830
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22007186
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100684
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039308
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/129830
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00199

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-6rf4-w9fv-4378