Lucene search

MitreCVE-2009-4438

HistoryDec 28, 2009 - 7:30 p.m.

CVE-2009-4438

2009-12-2819:30:00

CWE-264

mitre

web.nvd.nist.gov

ibm

db2

query compiler

rewrite

optimizer

cve-2009-4438

nvd

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

69.4%

JSON

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

Affected configurations

Nvd

Node

ibmdb2Match9.1fp1

ibmdb2Match9.1fp2

ibmdb2Match9.1fp3

ibmdb2Match9.1fp3a

ibmdb2Match9.1fp4

ibmdb2Match9.1fp4a

ibmdb2Match9.1fp5

ibmdb2Match9.1fp6

ibmdb2Match9.1fp6a

ibmdb2Match9.1fp7

ibmdb2Match9.5fp1

ibmdb2Match9.5fp2

ibmdb2Match9.5fp2a

ibmdb2Match9.5fp3

ibmdb2Match9.5fp3a

ibmdb2Match9.5fp3b

ibmdb2Match9.5fp4

ibmdb2Match9.5fp4a

ibmdb2Match9.7

VendorProductVersionCPE
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp1::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp2::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp3::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp3a::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp4::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp4a::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp5::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp6::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp6a::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp7::::::

Rows per page:

1-10 of 191

References

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

secunia.com/advisories/37759

www-01.ibm.com/support/docview.wss?uid=swg1IC62543

www-01.ibm.com/support/docview.wss?uid=swg1IC62583

www-01.ibm.com/support/docview.wss?uid=swg1IC64852

www-01.ibm.com/support/docview.wss?uid=swg21293566

www-01.ibm.com/support/docview.wss?uid=swg21412902

www.securityfocus.com/bid/37332

www.vupen.com/english/advisories/2009/3520

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

69.4%

JSON

Related for CVE-2009-4438