| Vulnerability Name: | CVE-2015-1883 (CCN-101239) | ||||||||
| Assigned: | 2015-07-10 | ||||||||
| Published: | 2015-07-10 | ||||||||
| Updated: | 2017-09-22 | ||||||||
| Summary: | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-1883 Source: AIXAPAR Type: UNKNOWN IT08075 Source: AIXAPAR Type: Vendor Advisory IT08080 Source: AIXAPAR Type: UNKNOWN IT08085 Source: AIXAPAR Type: UNKNOWN IT08086 Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21698308 Source: CCN Type: IBM Security Bulletin 1698308 IBM DB2 contains a file disclosure vulnerability in the database automated maintenance feature (CVE-2015-1883) Source: CCN Type: IBM Security Bulletin 1966964 Infosphere BigInsights is affected by multiple IBM DB2 advisories (CVE-2014-8910, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935). Source: BID Type: UNKNOWN 75946 Source: CCN Type: BID-75946 Multiple IBM DB2 Products CVE-2015-1883 File Disclosure Vulnerability Source: SECTRACK Type: UNKNOWN 1032881 Source: XF Type: UNKNOWN ibm-db2-cve20151883-info-disc(101239) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||