CVE-2013-6744

high

Published 2014-05-30 · Modified 2026-05-06

CVSS v3

—

CVSS v2

8.5

VIR risk

8.5

Description

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg1IC99480

Application impact

Vendor	Product	Versions
ibm	db2	`9.5`
ibm	db2	`9.7`
ibm	db2	`9.7.0.1`
ibm	db2	`9.7.0.2`
ibm	db2	`9.7.0.3`
ibm	db2	`9.7.0.4`
ibm	db2	`9.7.0.5`
ibm	db2	`9.7.0.6`
ibm	db2	`9.7.0.7`
ibm	db2	`9.7.0.8`
ibm	db2	`9.7.0.9`
ibm	db2	`10.1`
ibm	db2	`10.1.0.1`
ibm	db2	`10.1.0.2`
ibm	db2	`10.1.0.3`
ibm	db2	`10.5`
ibm	db2	`10.5.0.1`
ibm	db2	`10.5.0.2`

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481
http://www.ibm.com/support/docview.wss?uid=swg1IC99480
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
http://www.ibm.com/support/docview.wss?uid=swg21673947
https://exchange.xforce.ibmcloud.com/vulnerabilities/89860
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98849
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99478
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99480
http://www-01.ibm.com/support/docview.wss?uid=swg1IC99481
http://www.ibm.com/support/docview.wss?uid=swg1IC99480
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
http://www.ibm.com/support/docview.wss?uid=swg21673947
https://exchange.xforce.ibmcloud.com/vulnerabilities/89860

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.