CVE-2008-1998IBM DB2 vulnerability

CWE-2644 documents4 sources
Severity
8.5HIGHNVD
EPSS
1.9%
top 16.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedApr 28
Latest updateMay 1

Description

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

NVDibm/db28.0, 9.1, 9.5+2

🔴Vulnerability Details

2
GHSA
GHSA-c95g-rpjx-pm4h: The NNSTAT (aka SYSPROC2022-05-01
CVEList
CVE-2008-1998: The NNSTAT (aka SYSPROC2008-04-28

💥Exploits & PoCs

1
Exploit-DB
DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities2008-04-02
CVE-2008-1998 — IBM DB2 vulnerability | cvebase