Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
secunia.com/advisories/28183
secunia.com/advisories/28187
supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
www.ingres.com/support/security-alertDec17.php
www.osvdb.org/39358
www.securityfocus.com/archive/1/485448/100/0/threaded
www.securityfocus.com/bid/26959
www.securitytracker.com/id?1019134
www.vupen.com/english/advisories/2007/4303
www.vupen.com/english/advisories/2007/4304