Vulnerability Details : CVE-2014-6209
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-6209
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
Threat overview for CVE-2014-6209
Top countries where our scanners detected CVE-2014-6209
Top open port discovered on systems with this issue
523
IPs affected by CVE-2014-6209 40
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-6209!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-6209
17.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-6209
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2014-6209
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6209
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645
IBM IT05645: SECURITY: ALTER TABLE on an identity column may cause DB2 to terminate (CVE-2014-6209).
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647
IBM IT05647: SECURITY: ALTER TABLE on an identity column may cause DB2 to terminate (CVE-2014-6209).
-
http://www.securityfocus.com/bid/71729
Multiple IBM DB2 Products CVE-2014-6209 Remote Denial of Service Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/98684
IBM DB2 ALTER TABLE identity column denial of service CVE-2014-6209 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg21690787
IBM Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. (CVE-2014-6209)Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21693197
IBM Security Bulletin: Infosphere BigInsights contains multiple vulnerabilities in which an ALTER TABLE statement may cause the Big SQL server to terminate abnormally. (CVE-2014-6159, CVE-2014-6209, C
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786
IBM IT04786: SECURITY: ALTER TABLE on an identity column may cause DB2 to terminate (CVE-2014-6209).
-
http://www.securitytracker.com/id/1034571
IBM DB2 ALTER TABLE Statement Processing Bug Lets Remote Authenticated Users Cause the Target Service to Crash - SecurityTracker
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646
IBMid - Sign in or create an IBMid
-
http://secunia.com/advisories/62092
Sign in
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644
IBMid - Sign in or create an IBMid
Jump to