Net.data
by IBM
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1442 | 0.04 | — | 0.08 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E." | |||
| CVE-2000-1110 | 0.04 | — | 0.10 | Jan 9, 2001 | document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. | |||
| CVE-2000-0677 | 0.00 | — | 0.06 | Oct 20, 2000 | Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. |
- CVE-2004-1442Dec 31, 2004risk 0.04cvss —epss 0.08
Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."
- CVE-2000-1110Jan 9, 2001risk 0.04cvss —epss 0.10
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
- CVE-2000-0677Oct 20, 2000risk 0.00cvss —epss 0.06
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.