Vulnerability Details : CVE-2015-0157
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2015-0157
- cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*
Threat overview for CVE-2015-0157
Top countries where our scanners detected CVE-2015-0157
Top open port discovered on systems with this issue
523
IPs affected by CVE-2015-0157 24
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-0157!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-0157
7.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0157
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C |
8.0
|
6.9
|
NIST |
CWE ids for CVE-2015-0157
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0157
-
http://www.securityfocus.com/bid/75947
Multiple IBM DB2 Products CVE-2015-0157 Denial of Service Vulnerability
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07108
IBM IT07108: SECURITY: DB2 TRAPS WHEN EXECUTING A SPECIALLY-CRAFTED SQL STATEMENT WITH SCALAR FUNCTIONS (CVE-2015-0157)Vendor Advisory
-
http://www.securitytracker.com/id/1032882
IBM DB2 Scalar Function Bugs Let Remote Authenticated Users Deny Service - SecurityTracker
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07109
IBM IT07109: SECURITY: DB2 TRAPS WHEN EXECUTING A SPECIALLY-CRAFTED SQL STATEMENT WITH SCALAR FUNCTIONS (CVE-2015-0157)
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07103
IBM IT07103: SECURITY: DB2 TRAPS WHEN EXECUTING A SPECIALLY-CRAFTED SQL STATEMENT WITH SCALAR FUNCTIONS (CVE-2015-0157)
-
http://www-01.ibm.com/support/docview.wss?uid=swg21697987
IBM Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in scalar functions (CVE-2015-0157)Patch;Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07107
IBMid - Sign in or create an IBMid
Jump to