Vulnerability Details : CVE-2014-6209

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.

Vulnerability category: Input validationDenial of service

Published 2014-12-12 16:59:00

Updated 2018-09-27 10:29:00

Source IBM Corporation

View at NVD, CVE.org

Threat overview for CVE-2014-6209

Top countries where our scanners detected CVE-2014-6209

Top open port discovered on systems with this issue 523

IPs affected by CVE-2014-6209 39

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-6209!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-6209

Probability of exploitation activity in the next 30 days: 8.39%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-6209

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2014-6209

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-6209

http://www-01.ibm.com/support/docview.wss?uid=swg1IT05645

IBM IT05645: SECURITY: ALTER TABLE on an identity column may cause DB2 to terminate (CVE-2014-6209).
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05647

IBM IT05647: SECURITY: ALTER TABLE on an identity column may cause DB2 to terminate (CVE-2014-6209).
http://www.securityfocus.com/bid/71729

Multiple IBM DB2 Products CVE-2014-6209 Remote Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/98684

IBM DB2 ALTER TABLE identity column denial of service CVE-2014-6209 Vulnerability Report
http://www-01.ibm.com/support/docview.wss?uid=swg21690787

IBM Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. (CVE-2014-6209)
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21693197

IBM Security Bulletin: Infosphere BigInsights contains multiple vulnerabilities in which an ALTER TABLE statement may cause the Big SQL server to terminate abnormally. (CVE-2014-6159, CVE-2014-6209, C

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04786

IBM IT04786: SECURITY: ALTER TABLE on an identity column may cause DB2 to terminate (CVE-2014-6209).
http://www.securitytracker.com/id/1034571

IBM DB2 ALTER TABLE Statement Processing Bug Lets Remote Authenticated Users Cause the Target Service to Crash - SecurityTracker
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05646

IBMid - Sign in or create an IBMid
http://secunia.com/advisories/62092

Sign in

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05644

IBMid - Sign in or create an IBMid

Products affected by CVE-2014-6209

IBM » DB2 » Version: 9.5
cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.7
cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 10.1
cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 10.5
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
Matching versions