1. CVE-Search
  2. CVE-2008-0699
ID CVE-2008-0699
Summary Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp10:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp10:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp11:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp11:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp12:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp12:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp13:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp13:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp14:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp14:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp15:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp15:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp16:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp16:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp7:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp7:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp8:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp8:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.2:fp9:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.2:fp9:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 01-11-2018 - 15:01)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
aixapar
  • IZ06972
  • IZ06973
  • IZ10917
bugtraq 20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures
confirm ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
misc http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml
osvdb 41795
secunia
  • 28771
  • 29022
  • 29784
vupen ADV-2008-0401
Last major update 01-11-2018 - 15:01
Published 12-02-2008 - 01:00
Last modified 01-11-2018 - 15:01
Back to Top