Vulnerability Details : CVE-2014-0919
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
Vulnerability category: Information leak
Products affected by CVE-2014-0919
- cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*
Threat overview for CVE-2014-0919
Top open port discovered on systems with this issue: 523
IPs affected by CVE-2014-0919: 39
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-0919
0.20% (probability of exploitation activity in the next 30 days)
~57% (percentile: the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-0919
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2014-0919
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0919
- http://www.securityfocus.com/bid/74217
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT07547
  IBM IT07547: SECURITY: IBM DB2 LUW contains a sensitive information exposure vulnerability in the monitoring and audit feature (CVE-2014-0919)
- http://www-01.ibm.com/support/docview.wss?uid=swg21698021
  IBM Security Bulletin: IBM® DB2® contains a sensitive information exposure vulnerability in the monitoring and audit feature (CVE-2014-0919) (Patch; Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT07554
  IBM IT07554: SECURITY: IBM DB2 LUW contains a sensitive information exposure vulnerability in the monitoring and audit feature (CVE-2014-0919)
- http://www.securitytracker.com/id/1032247
  IBM DB2 Audit and Monitoring Facility Discloses Passwords to Remote Authenticated Users - SecurityTracker
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT07397
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT07552
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT07553
  IBM IT07553: SECURITY: DB2 contains a sensitive information exposure vulnerability in the monitoring and audit feature (CVE-2014-0919)