Vulnerability Description
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.
CVSS Score
4.0
MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.7 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356
- http://www-01.ibm.com/support/docview.wss?uid=swg21697988PatchVendor Advisory
- http://www.securityfocus.com/bid/75949
- http://www.securitytracker.com/id/1032883
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356
- http://www-01.ibm.com/support/docview.wss?uid=swg21697988PatchVendor Advisory
- http://www.securityfocus.com/bid/75949
- http://www.securitytracker.com/id/1032883
FAQ
What is CVE-2014-8910?
CVE-2014-8910 is a vulnerability with a CVSS score of 4.0 (MEDIUM). IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT funct...
How severe is CVE-2014-8910?
CVE-2014-8910 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8910?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.