Vulnerability Name: CVE-2008-6820 (CCN-51107)
Assigned: 2008-09-05
Published: 2008-09-05
Updated: 2009-08-12
Summary: The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

Vulnerability Type: CWE-16
Vulnerability Consequences: Other

References:

Source: CONFIRM
Type: Patch, Vendor Advisory
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

Source: MITRE
Type: CNA
CVE-2008-6820

Source: OSVDB
Type: UNKNOWN
48149

Source: AIXAPAR
Type: Patch, Vendor Advisory
JR30026

Source: CCN
Type: IBM APAR JR30026
SECURITY VULNERABILITY: DB2FMP PROCESS ON WINDOWS RUNNING WITH OS PRIVILEGE.

Source: AIXAPAR
Type: Patch, Vendor Advisory
JR30227

Source: CCN
Type: IBM APAR JR30227
SECURITY VULNERABILITY: DB2FMP PROCESS ON WINDOWS RUNNING WITH OS PRIVILEGE.

Source: CCN
Type: IBM APAR JR30228
SECURITY VULNERABILITY: DB2FMP PROCESS ON WINDOWS RUNNING WITH OS PRIVILEGE.

Source: AIXAPAR
Type: Patch, Vendor Advisory
JR30228

Source: CCN
Type: IBM Technote (FAQ) 1318189
Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and Windows Version 8 Fix Pack 17 and Version 9.5 Fix Pack 2

Source: CONFIRM
Type: Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21318189

Source: CCN
Type: OSVDB ID: 48149
IBM DB2 Universal Database on Windows DB2FMP Unspecified Issue

Source: BID
Type: UNKNOWN
31058

Source: CCN
Type: BID-31058
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
db2-db2fmp-unspecified(51107)

Vulnerable Configuration:

Configuration 1:
cpe:/a:ibm:db2:8.0:fp1:*:*:*:*:*:* OR
cpe:/a:ibm:db2:8.0:fp10:*:*:*:*:*:* OR
cpe:/a:ibm:db2:8.0:fp11:*:*:*:*:*:* OR
cpe:/a:ibm:db2:8.0:fp12:*:*:*:*:*:* OR
cpe:/a:ibm:db2:8.0:fp13:*:*:*:*:*:* OR
cpe:/a:ibm:db2:8.0:fp14:*:*:*:*:*:* OR
cpe:/a:ibm:db2:8.0:fp15:*:*:*:*:*:* OR
cpe:/a:ibm:db2:8.0:fp16:*:*:*:*:*:* OR
cpe:/a:ibm:db2:9.1:fp1:*:*:*:*:*:* OR
cpe:/a:ibm:db2:9.1:fp2:*:*:*:*:*:* OR
cpe:/a:ibm:db2:9.1:fp3:*:*:*:*:*:* OR
cpe:/a:ibm:db2:9.1:fp3a:*:*:*:*:*:* OR
cpe:/a:ibm:db2:9.1:fp4:*:*:*:*:*:* OR
cpe:/a:ibm:db2:9.1:fp4a:*:*:*:*:*:* OR
cpe:/a:ibm:db2:9.5:fp1:*:*:*:*:*:*
AND
cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration CCN 1:
cpe:/a:ibm:db2_universal_database:9.1:fp4:*:*:*:*:*:* OR
cpe:/a:ibm:db2_universal_database:9.1:fp3:aix:*:*:*:*:* OR
cpe:/a:ibm:db2_universal_database:9.1::fp2:*:*:*:*:* OR
cpe:/a:ibm:db2_universal_database:8.0:fp14:*:*:*:*:*:* OR
cpe:/a:ibm:db2_universal_database:8.0:fp13:*:*:*:*:*:* OR
cpe:/a:ibm:db2_universal_database:9.1::fp3a:*:*:*:*:* OR
cpe:/a:ibm:db2_universal_database:9.1:fp4a:*:*:*:*:*:* OR
cpe:/a:ibm:db2_universal_database:9.5:fp1:*:*:*:*:*:*

ibm db2 8.0 fp1
ibm db2 8.0 fp10
ibm db2 8.0 fp11
ibm db2 8.0 fp12
ibm db2 8.0 fp13
ibm db2 8.0 fp14
ibm db2 8.0 fp15
ibm db2 8.0 fp16
ibm db2 9.1 fp1
ibm db2 9.1 fp2
ibm db2 9.1 fp3
ibm db2 9.1 fp3a
ibm db2 9.1 fp4
ibm db2 9.1 fp4a
ibm db2 9.5 fp1
microsoft windows *
ibm db2 universal database 9.1 fp4
ibm db2 universal database 9.1 fp3
ibm db2 universal database 9.1
ibm db2 universal database 8.0 fp14
ibm db2 universal database 8.0 fp13
ibm db2 universal database 9.1
ibm db2 universal database 9.1 fp4a
ibm db2 universal database 9.5 fp1