CVE-2014-0919

medium

Description

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.

References

http://www.securitytracker.com/id/1032247

http://www.securityfocus.com/bid/74217

http://www-01.ibm.com/support/docview.wss?uid=swg21698021

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397

Details

Source: Mitre, NVD

Published: 2015-05-08

Updated: 2016-11-28

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium