IBM Security Bulletin: IBM® DB2® contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910)
|
System information
|
|
|
Affected software |
IBM |
Description
|
IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SELECT statement with XML/XSLT function to read arbitrary text files owned by the DB2 instance owner. On Windows, the attacker is able to read arbitrary text files on the system. CVE(s): CVE-2014-8910 Affected product(s) and affected version(s): All fix pack levels of IBM DB2 V9.7, V10.1 and V10.5 editions listed below and running on AIX,
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_db2_contains_a_file_disclosure_vulnerability_using_a_select_statement_with_xml_xslt_function_cve_2014_89101?lang=en_us |
Standar resources
|
Property |
Value |
CVE |
CVE-2014-8910 and CVE-2015-4000. |