Vulnerability Details CVE-2008-1998
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.4%
CVSS Severity
CVSS v2 Score 8.5
References
- http://secunia.com/advisories/29022
- http://secunia.com/advisories/29784
- http://securityreason.com/securityalert/3840
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776
- http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml
- http://www.securityfocus.com/archive/1/491073/100/0/threaded
- http://www.securityfocus.com/bid/28836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41960
- http://secunia.com/advisories/29022
- http://secunia.com/advisories/29784
- http://securityreason.com/securityalert/3840
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776
- http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml
- http://www.securityfocus.com/archive/1/491073/100/0/threaded
- http://www.securityfocus.com/bid/28836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41960
Products affected by CVE-2008-1998
-
cpe:2.3:a:ibm:db2:8.0
-
cpe:2.3:a:ibm:db2:9.1
-
cpe:2.3:a:ibm:db2:9.5
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista