CVE-2013-3475

{"id": "CVE-2013-3475", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-05T03:43:48.050", "references": [{"url": "http://secunia.com/advisories/52663", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/53704", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/60255", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/52663", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/53704", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/60255", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en db2aud en Audit Facility de IBM DB2 y DB2 Connect v9.1, v9.5, v9.7, v9.8 y v10.1, como se utiliza en Smart System Analytics 7600 y otros productos, permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:53:41.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05"}, {"criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B"}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BA7EE47-766E-4AA5-BD74-152EDBC1E17F"}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CDD816C-7070-4118-845E-6205FE130A02"}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2"}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A174260C-45A3-4DE3-8B2C-82416196FFF3"}, {"criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA"}, {"criteria": "cpe:2.3:h:ibm:smart_analytics_system_7600:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "077FE845-5F92-4656-A8E9-A68FD73C9901"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21639355\r\n\r\n'The following IBM DB2 and DB2 Connect V9.1, V9.5, V9.7 and V10.1 editions running on AIX, Linux, HP and Solaris (this vulnerability is not applicable to DB2 on Windows.).'", "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}