Vulnerability Details : CVE-2013-6744
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
Exploit prediction scoring system (EPSS) score for CVE-2013-6744
Probability of exploitation activity in the next 30 days: 0.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6744
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
8.5
|
HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
6.8
|
10.0
|
NIST |
CWE ids for CVE-2013-6744
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6744
-
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
IBM Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for Linux, UNIX, and Windows Version 10.1
-
http://www.ibm.com/support/docview.wss?uid=swg21673947
IBM Security Bulletin: Escalation of Privilege Vulnerability in IBM® DB2® Stored Procedure Infrastructure on Windows (CVE-2013-6744)
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89860
IBM DB2 for Windows privilege escalation CVE-2013-6744 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849
IBMid - Sign in or create an IBMid
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478
IBM IC99478: SECURITY: VULNERABILITY IN STORED PROCEDURE INFRASTRUCTURE CAN ALLOW ESCALATION OF PRIVILEGE TO ADMINISTRATOR (CVE-2013-6744).
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481
IBM IC99481: SECURITY: VULNERABILITY IN STORED PROCEDURE INFRASTRUCTURE CAN ALLOW ESCALATION OF PRIVILEGE TO ADMINISTRATOR (CVE-2013-6744).
-
http://www.ibm.com/support/docview.wss?uid=swg1IC99480
IBM IC99480: SECURITY: VULNERABILITY IN STORED PROCEDURE INFRASTRUCTURE CAN ALLOW ESCALATION OF PRIVILEGE TO ADMINISTRATOR (CVE-2013-6744).Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480
IBM IC99480: SECURITY: VULNERABILITY IN STORED PROCEDURE INFRASTRUCTURE CAN ALLOW ESCALATION OF PRIVILEGE TO ADMINISTRATOR (CVE-2013-6744).
Products affected by CVE-2013-6744
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*