CVE-2008-0699 — Code Injection in IBM DB2

CWE-94 — Code Injection6 documents3 sources

Severity

9.0CRITICALNVD

EPSS

7.6%

top 8.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedFeb 12

Latest updateMay 3

Description

Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/db24 versions+3

Patches

Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-xr89-gv52-97x5: Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC↗2022-05-03

▶

GHSA

GHSA-fm4j-wr6m-32wg: Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9↗2022-05-01

▶

CVEList

CVE-2008-1997: Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9↗2008-04-28

▶

CVEList

CVE-2008-0699: Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC↗2008-02-12

▶