ID CVE-2008-2154
Summary IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp16:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:8.0:fp16:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 08-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
aixapar
  • IZ21983
  • IZ22142
  • IZ22143
bid 35409
confirm
osvdb 48147
secunia 31787
xf db2-installjar-priv-escalation(51105)
Last major update 08-08-2017 - 01:30
Published 03-06-2009 - 21:00
Last modified 08-08-2017 - 01:30
Back to Top