Vulnerability Details : CVE-2014-6210
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2014-6210
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*
Threat overview for CVE-2014-6210
Top countries where our scanners detected CVE-2014-6210
Top open port discovered on systems with this issue
523
IPs affected by CVE-2014-6210 25
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-6210!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-6210
17.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-6210
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2014-6210
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6210
-
http://www.securityfocus.com/bid/71730
Multiple IBM DB2 Products CVE-2014-6210 Remote Denial of Service Vulnerability
-
http://www-01.ibm.com/support/docview.wss?uid=swg21693197
IBM Security Bulletin: Infosphere BigInsights contains multiple vulnerabilities in which an ALTER TABLE statement may cause the Big SQL server to terminate abnormally. (CVE-2014-6159, CVE-2014-6209, C
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934
IBM IC96934: SECURITY: Multiple ALTER TABLE statements can cause DB2 to terminate (CVE-2014-6210).
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651
IBMid - Sign in or create an IBMid
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/98685
IBM DB2 ALTER TABLE denial of service CVE-2014-6210 Vulnerability Report
-
http://www.securitytracker.com/id/1034572
IBM DB2 ALTER TABLE Bug Lets Remote Authenticated Users Cause the Target Service to Crash - SecurityTracker
-
http://www-01.ibm.com/support/docview.wss?uid=swg21690891
IBM Security Bulletin: IBM® DB2® LUW contains a vulnerability in which multiple ALTER TABLE statements may cause the DB2 server to terminate abnormally. (CVE-2014-6210)
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652
IBM IT05652: SECURITY: Multiple ALTER TABLE statements can cause DB2 to terminate (CVE-2014-6210).
-
http://secunia.com/advisories/62092
Sign in
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138
IBM IT04138: SECURITY: Multiple ALTER TABLE statements can cause DB2 to terminate (CVE-2014-6210).Vendor Advisory
Jump to