Vulnerability Name: | CVE-2013-3475 (CCN-84358)
Assigned: | 2013-05-31
Published: | 2013-05-31
Updated: | 2018-09-25
Summary: | Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21639355 'The following IBM DB2 and DB2 Connect V9.1, V9.5, V9.7 and V10.1 editions running on AIX, Linux, HP and Solaris (this vulnerability is not applicable to DB2 on Windows.).'
CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
  5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  4.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-119
Vulnerability Consequences: | Gain Privileges
References: |
  Source: MITRE Type: CNA CVE-2013-3475
  Source: CCN Type: SA52663 IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability
  Source: SECUNIA Type: Vendor Advisory 52663
  Source: CCN Type: SA53704 IBM Smart Analytics System Series db2aud Privilege Escalation Vulnerability
  Source: SECUNIA Type: Vendor Advisory 53704
  Source: AIXAPAR Type: UNKNOWN IC92463
  Source: AIXAPAR Type: UNKNOWN IC92495
  Source: AIXAPAR Type: UNKNOWN IC92496
  Source: AIXAPAR Type: UNKNOWN IC92498
  Source: CCN Type: IBM Security Bulletin 1639194 IBM Smart Analytics System 7600, 7700, and 7710 are affected by a privilege escalation vulnerability in the DB2 Audit Facility (CVE-2013-3475)
  Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21639194
  Source: CCN Type: IBM Security Bulletin 1639355 Privilege escalation vulnerability in IBM DB2's Audit Facility (CVE-2013-3475)
  Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21639355
  Source: CCN Type: IBM Security Bulletin 1640925 IBM InfoSphere Balanced Warehouse C3000 and C4000, IBM Smart Analytics System 1050, 2050, and 5710 systems are affected by privilege escalation vulnerability in IBM DB2 for Linux, Unix, and Windows Audit Facility (CVE-2013-3475)
  Source: CCN Type: IBM Security Bulletin 1644329 IBM InfoSphere Balanced Warehouse D5100 and IBM Smart Analytics System 5600 are affected by a privilege escalation vulnerability in the DB2 Audit Facility (CVE-2013-3475)
  Source: BID Type: UNKNOWN 60255
  Source: CCN Type: BID-60255 IBM DB2 and DB2 Connect Audit Facility Local Privilege Escalation Vulnerability
  Source: XF Type: UNKNOWN db2-cve20133475-bo(84358)
  Source: XF Type: UNKNOWN ibm-db2-cve20133475-bo(84358)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: