Vulnerability Details: CVE-2013-6717
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.
Vulnerability category: Denial of service
Products affected by CVE-2013-6717
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:9.8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-:*:-:db2_enterprise_edition:*:*
Threat overview for CVE-2013-6717
Top open port discovered on systems with this issue: 523
IPs affected by CVE-2013-6717: 24
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-6717
EPSS score: 0.84% (probability of exploitation activity in the next 30 days)
Percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-6717
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
References for CVE-2013-6717
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC97762
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC95641
  IBM IC95641: SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN DATABASE. (CVE-2013-6717)
- http://www.ibm.com/support/docview.wss?uid=swg21659490
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC97737
  IBM IC97737: SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN DATABASE. (CVE-2013-6717)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC97738
  IBM IC97738: SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN DATABASE. (CVE-2013-6717)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89116
  IBM DB2 OLAP specification query denial of service CVE-2013-6717 Vulnerability Report
- http://www.securityfocus.com/bid/64336
  IBM DB2 and DB2 Connect CVE-2013-6717 Remote Denial of Service Vulnerability
- http://www-01.ibm.com/support/docview.wss?uid=swg21660041
  IBM Security Bulletin: Executing a query with an OLAP specification causes the DB2 server to terminate database connections. (CVE-2013-6717) [Vendor Advisory]