CVE-2014-0919

EUVD-2014-0949
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
ibmdb2
9.5
ibmdb2
9.5
ibmdb2
9.5
ibmdb2
9.5
ibmdb2
9.5
ibmdb2
9.7
ibmdb2
9.7
ibmdb2
9.7
ibmdb2
9.7
ibmdb2
9.7
ibmdb2
9.8
ibmdb2
9.8
ibmdb2
9.8
ibmdb2
9.8
ibmdb2
9.8
ibmdb2
10.1
ibmdb2
10.1
ibmdb2
10.1
ibmdb2
10.1
ibmdb2
10.1
ibmdb2
10.5
ibmdb2
10.5
ibmdb2
10.5
ibmdb2
10.5
ibmdb2
10.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
db2exc
precise
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
db2exc-amd64
precise
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554
http://www-01.ibm.com/support/docview.wss?uid=swg21698021
http://www.securityfocus.com/bid/74217
http://www.securitytracker.com/id/1032247
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554
http://www-01.ibm.com/support/docview.wss?uid=swg21698021
http://www.securityfocus.com/bid/74217
http://www.securitytracker.com/id/1032247