fkie_cve-2019-4101
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/109021Broken Link
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/158091VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10880741Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/109021Broken Link
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/158091VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10880741Vendor Advisory
Impacted products
Vendor Product Version
ibm db2 9.7.0.0
ibm db2 9.7.0.1
ibm db2 9.7.0.2
ibm db2 9.7.0.3
ibm db2 9.7.0.4
ibm db2 9.7.0.5
ibm db2 9.7.0.6
ibm db2 9.7.0.7
ibm db2 9.7.0.8
ibm db2 9.7.0.9
ibm db2 9.7.0.10
ibm db2 9.7.0.11
ibm db2 10.1.0.0
ibm db2 10.1.0.1
ibm db2 10.1.0.2
ibm db2 10.1.0.3
ibm db2 10.1.0.4
ibm db2 10.1.0.5
ibm db2 10.1.0.6
ibm db2 10.5.0.0
ibm db2 10.5.0.1
ibm db2 10.5.0.2
ibm db2 10.5.0.3
ibm db2 10.5.0.4
ibm db2 10.5.0.5
ibm db2 10.5.0.6
ibm db2 10.5.0.7
ibm db2 10.5.0.8
ibm db2 10.5.0.9
ibm db2 10.5.0.10
ibm db2 11.1.0.0
ibm db2 11.1.1.1
ibm db2 11.1.2.2
ibm db2 11.1.3.3
ibm db2 11.1.4.4
linux linux_kernel -
microsoft windows -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19D90B2-0B71-498B-8428-B27950E1D2A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB95E38-7A78-4798-B0E2-814DAE1153A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B95F778-8E2B-4A6D-BA3B-254F87B492BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B40593-EA0D-4134-BBA0-35DA70D3C6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "177780EE-76F9-41D9-83C9-48C5DFCF8702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E38BC34-066B-4B4D-929F-4E5C6BCB1442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "23910ECC-960A-44DF-BA8D-C1553D088EAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091."
    },
    {
      "lang": "es",
      "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 10.1, 10.5, y 11.1 es vulnerable a un ataque de Denegaci\u00f3n de Servicio. Los usuarios que tienen EXECUTE en PD_GET_DIAG_HIST y el acceso al directorio de diagn\u00f3stico en el servidor de DB2 pueden hacer que la instancia falle. ID de IBM X-Force: 158091."
    }
  ],
  "id": "CVE-2019-4101",
  "lastModified": "2024-11-21T04:43:10.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-01T15:15:12.020",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/109021"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/109021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880741"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.