CVE-2009-3473

2009-09-2921:30:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

69.4%

JSON

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.

Affected configurations

Nvd

Node

ibmdb2Match9.1fp1

ibmdb2Match9.1fp2

ibmdb2Match9.1fp3

ibmdb2Match9.1fp4

ibmdb2Match9.1fp5

ibmdb2Match9.1fp6

ibmdb2Match9.1fp7

VendorProductVersionCPE
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
ibmdb29.1cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp1::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp2::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp3::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp4::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp5::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp6::::::
ibm	db2	9.1	cpe:2.3:a:ibm:db2:9.1:fp7::::::