Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-6744


The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.


Published

2014-05-30T23:55:02.457

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 8.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

6.8

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ibm db2 9.5 Yes
Application ibm db2 9.7 Yes
Application ibm db2 9.7.0.1 Yes
Application ibm db2 9.7.0.2 Yes
Application ibm db2 9.7.0.3 Yes
Application ibm db2 9.7.0.4 Yes
Application ibm db2 9.7.0.5 Yes
Application ibm db2 9.7.0.6 Yes
Application ibm db2 9.7.0.7 Yes
Application ibm db2 9.7.0.8 Yes
Application ibm db2 9.7.0.9 Yes
Application ibm db2 10.1 Yes
Application ibm db2 10.1.0.1 Yes
Application ibm db2 10.1.0.2 Yes
Application ibm db2 10.1.0.3 Yes
Application ibm db2 10.5 Yes
Application ibm db2 10.5.0.1 Yes
Application ibm db2 10.5.0.2 Yes
Operating System microsoft windows * No

References