Skip to main content

Configuration

CVE-2008-2154

Severity Medium
Score 6/10

Summary

IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.

  • MEDIUM
  • NETWORK
  • SINGLE
  • PARTIAL
  • PARTIAL
  • PARTIAL

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

  • Published