Vulnerability Details CVE-2014-8910
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.9%
CVSS Severity
CVSS v2 Score 4.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356
- http://www-01.ibm.com/support/docview.wss?uid=swg21697988
- http://www.securityfocus.com/bid/75949
- http://www.securitytracker.com/id/1032883
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356
- http://www-01.ibm.com/support/docview.wss?uid=swg21697988
- http://www.securityfocus.com/bid/75949
- http://www.securitytracker.com/id/1032883