CVE-2008-1997Code Injection in IBM DB2

CWE-94Code Injection3 documents3 sources
Severity
9.0CRITICALNVD
EPSS
3.0%
top 13.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedApr 28
Latest updateMay 1

Description

Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDibm/db28.0, 9.1, 9.5+2

🔴Vulnerability Details

2
GHSA
GHSA-fm4j-wr6m-32wg: Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 92022-05-01
CVEList
CVE-2008-1997: Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 92008-04-28
CVE-2008-1997 — Code Injection in IBM DB2 | cvebase