CVE-2005-4871 — IBM DB2 vulnerability

CWE-2643 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 43.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedDec 31

Latest updateMay 1

Description

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/db28.1

Patches

Patch: secunia.com ↗Patch: www.ngssoftware.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-x59g-h3vc-hf9j: Certain XML functions in IBM DB2 8↗2022-05-01

▶

CVEList

CVE-2005-4871: Certain XML functions in IBM DB2 8↗2007-10-06

▶