CVE-2010-3736 — Cross-site Scripting in IBM DB2

CWE-399 CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 38.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedOct 5

Latest updateMay 17

Description

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/db29.5

🔴Vulnerability Details

GHSA

GHSA-v7j4-j98v-vm6c: Memory leak in the Relational Data Services component in IBM DB2 UDB 9↗2022-05-17

▶

CVEList

CVE-2010-3736: Memory leak in the Relational Data Services component in IBM DB2 UDB 9↗2010-10-05

▶

📋Vendor Advisories

Red Hat

firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)↗2010-03-23

▶