← Back

CVE-2014-8910

nvd nist
Published: Jul 20, 2015Modified: May 6, 2026

JSON object

Loading...
4.0
Vector
AV:N/AC:L/Au:S/C:P/I:N/A:N
Exploitability: 8.0 / Impact: 2.9
Source: NVD

Description

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.

Affected (20)

Products: Ibm: Db2
Ibm
1 product
Db2
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Db2
Version 10.1
Db2
Version 10.1
Db2
Version 10.1
Db2
Version 10.1
Db2
Version 10.1
Db2
Version 10.5
Db2
Version 10.5
Db2
Version 10.5
Db2
Version 10.5
Db2
Version 10.5
Db2
Version 9.7
Db2
Version 9.7
Db2
Version 9.7
Db2
Version 9.7
Db2
Version 9.7
Db2
Version 9.8
Db2
Version 9.8
Db2
Version 9.8
Db2
Version 9.8
Db2
Version 9.8

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (14)

Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.