CVE-2016-0215

moderate-risk
Published 2018-01-16

IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.

Do I need to act?

-
0.54% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2

Affected Vendors

Ibm

References (2)

Patch http://www-01.ibm.com/support/docview.wss?uid=swg21979986
Patch http://www-01.ibm.com/support/docview.wss?uid=swg21979986
48
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 2/34 · Minimal
Exposure 22/34 · High