CVE-2014-0919
IBM DB2 9.5-10.5 - Authenticated Exposure of Sensitive Information via Monitoring and Audit Facilities
Title source: llmDescription
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
References (8)
Core 8
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032247
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74217
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21698021
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397
Scores
EPSS
0.0190
EPSS Percentile
77.2%
Details
CWE
CWE-200
Status
published
Products (5)
ibm/db2
9.5 (5 CPE variants)
ibm/db2
9.7 (5 CPE variants)
ibm/db2
9.8 (5 CPE variants)
ibm/db2
10.1 (5 CPE variants)
ibm/db2
10.5 (5 CPE variants)
Published
May 08, 2015
Tracked Since
Feb 18, 2026