Lucene search

[email protected]NVD:CVE-2010-3475

HistorySep 20, 2010 - 10:00 p.m.

CVE-2010-3475

2010-09-2022:00:04

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.

Affected configurations

Nvd

Node

ibmdb2Match9.7

ibmdb2Match9.7.0.1

ibmdb2Match9.7.0.2

VendorProductVersionCPE
ibmdb29.7cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
ibmdb29.7.0.1cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
ibmdb29.7.0.2cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.7	cpe:2.3:a:ibm:db2:9.7:::::::*
ibm	db2	9.7.0.1	cpe:2.3:a:ibm:db2:9.7.0.1:::::::*
ibm	db2	9.7.0.2	cpe:2.3:a:ibm:db2:9.7.0.2:::::::*

References

osvdb.org/68122

secunia.com/advisories/41444

www-01.ibm.com/support/docview.wss?uid=swg1IC70406

www.ibm.com/support/docview.wss?uid=swg21446455

www.securityfocus.com/bid/43291

www.securitytracker.com/id?1024458

www.vupen.com/english/advisories/2010/2425

exchange.xforce.ibmcloud.com/vulnerabilities/61873

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

Related for NVD:CVE-2010-3475

cvelist1 prion1 cve1 openvas2 nessus1