CVE-2008-1997

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-04-2008 10:05

Last modified: - 17-01-2023 06:19

Total changes: - 2

Description

Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.0

Base score

8.0

10.0

Exploitability score

Impact score

Verification logic

Reference

IZ06972-Vendor Advisory
29022-Not Applicable
http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml
3841-Issue Tracking, Third Party Advisory
20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures-Third Party Advisory, VDB Entry

Keywords

CVE-2008-1997

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-1997

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures