CVE-2014-8910 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Affected Products (NVD)

Vendor	Product	Version
ibm	db2	9.7
ibm	db2	9.7
ibm	db2	9.7
ibm	db2	9.7
ibm	db2	9.7
ibm	db2	9.8
ibm	db2	9.8
ibm	db2	9.8
ibm	db2	9.8
ibm	db2	9.8
ibm	db2	10.1
ibm	db2	10.1
ibm	db2	10.1
ibm	db2	10.1
ibm	db2	10.1
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

db2exc

precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

db2exc-amd64

precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

Common Weakness Enumeration

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356

http://www-01.ibm.com/support/docview.wss?uid=swg21697988

http://www.securityfocus.com/bid/75949

http://www.securitytracker.com/id/1032883

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356

http://www-01.ibm.com/support/docview.wss?uid=swg21697988

http://www.securityfocus.com/bid/75949

http://www.securitytracker.com/id/1032883