CVE-2014-0919

MEDIUM

Description

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.

References

http://www.securityfocus.com/bid/74217

http://www.securitytracker.com/id/1032247

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553

http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554

http://www-01.ibm.com/support/docview.wss?uid=swg21698021

Details

Source: MITRE

Published: 2015-05-08

Updated: 2016-11-28

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM