Vulnerability Details : CVE-2017-1519
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2017-1519
Probability of exploitation activity in the next 30 days: 0.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-1519
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
|
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2017-1519
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1519
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/129829
IBM DB2 denial of service CVE-2017-1519 Vulnerability ReportVendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=swg22007183
IBM Security Bulletin: IBM® Db2® is affected by denial of service vulnerability in the Db2 Connect Server (CVE-2017-1519)Patch;Vendor Advisory
-
http://www.securitytracker.com/id/1039298
IBM DB2 Unspecified Flaw Lets Remote Users Cause the Target Service to Be Disrupted - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/100688
IBM DB2 Products CVE-2017-1519 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2017-1519
- cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*