Vulnerability Name:

CVE-2014-6210 (CCN-98685)

Assigned: 2014-12-11
Published: 2014-12-11
Updated: 2018-09-27
Summary: IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.
CVSS v3 Severity: 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
6.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2014-6210

Source: SECUNIA
Type: UNKNOWN
62092

Source: AIXAPAR
Type: UNKNOWN
IC96934

Source: AIXAPAR
Type: Vendor Advisory
IT04138

Source: AIXAPAR
Type: UNKNOWN
IT05651

Source: AIXAPAR
Type: UNKNOWN
IT05652

Source: CCN
Type: IBM Security Bulletin 1690891
IBM DB2 LUW contains a vulnerability in which multiple ALTER TABLE statements may cause the DB2 server to terminate abnormally. (CVE-2014-6210)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21690891

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21693197

Source: CCN
Type: IBM Security Bulletin 1688337
Vulnerabilities in IBM DB2 for Linux, UNIX, and Windows affects IBM PureData System for Transactions (CVE-2014-6209, CVE-2014-6210, CVE-2014-8901)

Source: CCN
Type: IBM Security Bulletin 1692047
IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700, 7710, IBM PureData System for Operational Analytics are affected by vulnerabilities in IBM DB2 (CVE-2014-6209,CVE-2014-6210)

Source: CCN
Type: IBM Security Bulletin 1693197
Infosphere BigInsights contains multiple vulnerabilities in which an ALTER TABLE statement may cause the Big SQL server to terminate abnormally. (CVE-2014-6159, CVE-2014-6209, CVE-2014-6210)

Source: BID
Type: UNKNOWN
71730

Source: CCN
Type: BID-71730
Multiple IBM DB2 Products CVE-2014-6210 Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1034572

Source: XF
Type: UNKNOWN
ibm-db2-cve20146210-dos(98685)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:ibm:db2:9.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_connect:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_connect:10.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:db2:9.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:-:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:infosphere_biginsights:3.0.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm db2 9.7
    ibm db2 9.8
    ibm db2 connect 10.1
    ibm db2 connect 10.5
    ibm db2 9.7
    ibm db2 10.1
    ibm db2 10.5
    ibm infosphere biginsights 3.0.0.0