Lucene search

PRIOn knowledge basePRION:CVE-2011-1846

HistoryMay 03, 2011 - 8:55 p.m.

Design/Logic Flaw

2011-05-0320:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.7%

JSON

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
db2eq9.5
db2eq9.5 fp4
db2eq9.5 fp5
db2eq9.5 fp4a
db2eq9.5 fp1
db2eq9.5 fp2a
db2eq9.5 fp6
db2le9.5
db2eq9.5 fp3b
db2eq9.5 fp2

Name	Operator	Version
db2	eq	9.5
db2	eq	9.5 fp4
db2	eq	9.5 fp5
db2	eq	9.5 fp4a
db2	eq	9.5 fp1
db2	eq	9.5 fp2a
db2	eq	9.5 fp6
db2	le	9.5
db2	eq	9.5 fp3b
db2	eq	9.5 fp2

Rows per page:

1-10 of 161

References

secunia.com/advisories/44229

www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71263

www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71375

www-01.ibm.com/support/docview.wss?uid=swg1IC71263

www-01.ibm.com/support/docview.wss?uid=swg1IC71375

www.securityfocus.com/bid/47525

www.vupen.com/english/advisories/2011/1083

exchange.xforce.ibmcloud.com/vulnerabilities/66980

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688