CVE-2013-6744

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481
http://www.ibm.com/support/docview.wss?uid=swg1IC99480	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
http://www.ibm.com/support/docview.wss?uid=swg21673947
https://exchange.xforce.ibmcloud.com/vulnerabilities/89860

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:db2:9.5:::::::*
	cpe:2.3:a:ibm:db2:9.7:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.1:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.2:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.3:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.4:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.5:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.6:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.7:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.8:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.9:::::::*
	cpe:2.3:a:ibm:db2:10.1:::::::*
	cpe:2.3:a:ibm:db2:10.1.0.1:::::::*
	cpe:2.3:a:ibm:db2:10.1.0.2:::::::*
	cpe:2.3:a:ibm:db2:10.1.0.3:::::::*
	cpe:2.3:a:ibm:db2:10.5:::::::*
	cpe:2.3:a:ibm:db2:10.5.0.1:::::::*
	cpe:2.3:a:ibm:db2:10.5.0.2:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-05-30 23:55

Updated : 2023-12-10 11:31

NVD link : CVE-2013-6744

Mitre link : CVE-2013-6744

CVE.ORG link : CVE-2013-6744

JSON object : View

Products Affected

microsoft

windows

ibm

db2

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-6744", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2014-05-30T23:55:02.457", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481", "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC99480", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21610582#4", "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21673947", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89860", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority."}, {"lang": "es", "value": "La infraestructura Stored Procedure en IBM DB2 9.5, 9.7 anterior a FP9a, 10.1 anterior a FP3a y 10.5 anterior a FP3a en Windows permite a usuarios remotos autenticados ganar privilegios mediante el aprovechamiento del privilegio CONNECT y la autoridad CREATE_EXTERNAL_ROUTINE."}], "lastModified": "2017-08-29T01:34:00.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E"}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368"}, {"criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3"}, {"criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}