CVE-2008-1998

EUVD-2008-1996
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
ibmdb2
8.0:fp1
ibmdb2
8.0:fp10
ibmdb2
8.0:fp11
ibmdb2
8.0:fp12
ibmdb2
8.0:fp13
ibmdb2
8.0:fp14
ibmdb2
8.0:fp15
ibmdb2
8.0:fp2
ibmdb2
8.0:fp3
ibmdb2
8.0:fp4
ibmdb2
8.0:fp5
ibmdb2
8.0:fp6
ibmdb2
8.0:fp6a
ibmdb2
8.0:fp6b
ibmdb2
8.0:fp6c
ibmdb2
8.0:fp7
ibmdb2
8.0:fp7a
ibmdb2
8.0:fp7b
ibmdb2
8.0:fp8
ibmdb2
8.0:fp8a
ibmdb2
8.0:fp9
ibmdb2
8.0:fp9a
ibmdb2
9.1:fp1
ibmdb2
9.1:fp2
ibmdb2
9.1:fp3
ibmdb2
9.1:fp3a
ibmdb2
9.1:fp4
ibmdb2
9.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/29022
http://secunia.com/advisories/29784
http://securityreason.com/securityalert/3840
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776
http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml
http://www.securityfocus.com/archive/1/491073/100/0/threaded
http://www.securityfocus.com/bid/28836
https://exchange.xforce.ibmcloud.com/vulnerabilities/41960
http://secunia.com/advisories/29022
http://secunia.com/advisories/29784
http://securityreason.com/securityalert/3840
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776
http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml
http://www.securityfocus.com/archive/1/491073/100/0/threaded
http://www.securityfocus.com/bid/28836
https://exchange.xforce.ibmcloud.com/vulnerabilities/41960