CVE-2013-4033
Severity Score
4.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.
IBM DB2 y DB2 Connect v9.7 hasta FP8, v9.8 hasta FP5, v10.1 hasta FP2, y v10.5 hasta FP1 permiten a los usuarios remotos autenticados ejecutar instrucciones DML mediante el aprovechamiento de la autoridad "EXPLAIN".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-07 CVE Reserved
- 2013-08-28 CVE Published
- 2023-04-10 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86093 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523 | 2017-08-29 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC94756 | 2017-08-29 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC94757 | 2017-08-29 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC94758 | 2017-08-29 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21646809 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Db2 Search vendor "Ibm" for product "Db2" | 9.7 Search vendor "Ibm" for product "Db2" and version "9.7" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Search vendor "Ibm" for product "Db2" | 9.8 Search vendor "Ibm" for product "Db2" and version "9.8" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Search vendor "Ibm" for product "Db2" | 10.1 Search vendor "Ibm" for product "Db2" and version "10.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Search vendor "Ibm" for product "Db2" | 10.5 Search vendor "Ibm" for product "Db2" and version "10.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Connect Search vendor "Ibm" for product "Db2 Connect" | 9.5 Search vendor "Ibm" for product "Db2 Connect" and version "9.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Connect Search vendor "Ibm" for product "Db2 Connect" | 9.7 Search vendor "Ibm" for product "Db2 Connect" and version "9.7" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Connect Search vendor "Ibm" for product "Db2 Connect" | 9.8 Search vendor "Ibm" for product "Db2 Connect" and version "9.8" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Connect Search vendor "Ibm" for product "Db2 Connect" | 10.1 Search vendor "Ibm" for product "Db2 Connect" and version "10.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Connect Search vendor "Ibm" for product "Db2 Connect" | 10.5 Search vendor "Ibm" for product "Db2 Connect" and version "10.5" | - |
Affected
| ||||||