VulDB: IBM DB2 Universal Database up to 8.2 FP16 DB2 Commands Umgehungs-Angriff
General
scipID: 3576
Affected: IBM DB2 Universal Database up to 8.2 FP16
Published: 02/04/2008
Risk: 
problematic
Entry: 82.8% complete
Created: 02/18/2008
Updated: 09/03/2012
Summary
A vulnerability, which was classified as problematic, was found in IBM DB2 Universal Database up to 8.2 FP16. Affected is an unknown function of the component DB2 Commands. The manipulation with an unknown input leads to a umgehungs-angriff vulnerability. The impact remains unknown.
The weakness was released 02/04/2008 with IBM. The advisory is shared for download at www-1.ibm.com. This vulnerability is traded as CVE-2008-0697 since 02/11/2008. It is possible to launch the attack remotely. There are neither technical details nor an exploit publicly available.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at www-1.ibm.com. The vulnerability is also documented in the vulnerability database at Secunia (SA28771).CVSS
Base Score: 4.9 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Umgehungs-Angriff
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
0-Day Time: 0 days since found
Patch: www-1.ibm.com
Timeline
02/04/2008 | Advisory disclosed
02/11/2008 | CVE assigned
02/18/2008 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: www-1.ibm.com
Company: IBM
CVE: CVE-2008-0697 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 28771
