Skip to main content

Db2 CVE-2015-1935

HIGH
DEPRECATED: Code (CWE-17)
2015-07-20 psirt@us.ibm.com
8.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:N/AC:L/Au:S/C:P/I:P/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
C

Lifecycle Timeline

1
CVE Published
Jul 20, 2015 - 01:59 cve.org
HIGH 8.0

DescriptionCVE.org

The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.

AnalysisAI

The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-17. The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. Affected products include: Ibm Db2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Db2

View all
CVE-2012-4826 HIGH
8.5 Oct 20

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IB

CVE-2017-1297 HIGH POC
7.3 Jun 27

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-bas

CVE-2014-3094 HIGH
8.5 Sep 04

Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux

CVE-2012-1797 CRITICAL
10.0 Mar 20

IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. Rated critic

CVE-2026-10109 CRITICAL
9.8 Jun 30

Remote code execution in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 lets unauthenticated network attackers run arbitrary co

CVE-2012-2197 HIGH
7.1 Jul 25

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7

CVE-2012-3324 CRITICAL
9.0 Sep 25

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows re

CVE-2018-1426 CRITICAL
9.1 Mar 22

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system

CVE-2012-0711 HIGH
7.5 Mar 20

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.

CVE-2013-6744 HIGH
8.5 May 30

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows a

CVE-2023-27869 HIGH
8.8 Jul 10

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker

CVE-2023-27868 HIGH
8.8 Jul 10

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker

Share

CVE-2015-1935 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy