Vulnerability Details : CVE-2013-3475
Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.
Vulnerability category: Overflow
Products affected by CVE-2013-3475
- cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:smart_analytics_system_7600:-:*:*:*:*:*:*:*
Threat overview for CVE-2013-3475
Top countries where our scanners detected CVE-2013-3475
Top open port discovered on systems with this issue: 523
IPs affected by CVE-2013-3475: 41
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-3475
EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-3475
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2013-3475
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3475
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84358
  IBM DB2 Audit Facility privilege escalation CVE-2013-3475 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg21639194
  IBM Security Bulletin: IBM PureData System for Operational Analytics A1791 and IBM Smart Analytics System 7600, 7700, and 7710 are affected by a privilege escalation vulnerability in the DB2 Audit Fac (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498
  IBM IC92498: SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN DB2AUD AND DB2FLACC (CVE-2013-3475).
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495
  IBM IC92495: SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN DB2AUD AND DB2FLACC (CVE-2013-3475).
- http://www-01.ibm.com/support/docview.wss?uid=swg21639355
  IBM Security Bulletin: Privilege escalation vulnerability in IBM DB2's Audit Facility (CVE-2013-3475). (Vendor Advisory)
- http://www.securityfocus.com/bid/60255
  IBM DB2 and DB2 Connect Audit Facility Local Privilege Escalation Vulnerability