CVE-2008-0699
HIGH severity · CVSS 9
9CVSS HIGH
Summary
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)5%
AV:N/AC:L/Au:S/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972 ↗
Additional information
- NVD record
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972Patch
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973Patch
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917Patch
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXTAdvisory
- http://osvdb.org/41795
- http://secunia.com/advisories/28771Advisory
- http://secunia.com/advisories/29022Advisory
- http://secunia.com/advisories/29784Advisory