CVE-2014-0919

IBM DB2 9.5-10.5 - Authenticated Exposure of Sensitive Information via Monitoring and Audit Facilities

Title source: llm
STIX 2.1

Description

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.

References (8)

Core 8
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032247
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74217
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21698021
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397

Scores

EPSS 0.0190
EPSS Percentile 77.2%

Details

CWE
CWE-200
Status published
Products (5)
ibm/db2 9.5 (5 CPE variants)
ibm/db2 9.7 (5 CPE variants)
ibm/db2 9.8 (5 CPE variants)
ibm/db2 10.1 (5 CPE variants)
ibm/db2 10.5 (5 CPE variants)
Published May 08, 2015
Tracked Since Feb 18, 2026