SQL Injection Vulnerability in IBM solidDB Products
CVE-2013-3031

Currently unrated

Key Information:

Vendor: IBM
Status: Soliddb
Vendor: CVE Published:; 9 September 2013

Summary

A vulnerability exists in IBM solidDB's Universal Cache component, allowing remote authenticated users to exploit a flaw in a SQL stored procedure. By making calls with named arguments and default parameter values, while omitting some expected arguments, attackers can trigger uninitialized memory access leading to potential denial of service and crashes of the daemon. This affects specific versions of the product which require immediate attention from administrators and users to mitigate any risks associated with this vulnerability.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC88796

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21643599

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IC94043

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Sep 9, 2013
Vulnerability Reserved
Apr 12, 2013