CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Percentile: 82.2%

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not
properly check variables, which allows remote authenticated users to bypass
intended restrictions on viewing table data by leveraging the CREATEIN
privilege to execute crafted SQL CREATE VARIABLE statements.
Author | Note |
---|---|
jdstrand | no fix available for 9.7, but there is a mitigation. See IBM support documentation. |
www-01.ibm.com/support/docview.wss?uid=swg1IC81387
www-01.ibm.com/support/docview.wss?uid=swg1IC81390
www-01.ibm.com/support/docview.wss?uid=swg1IC81836
www-01.ibm.com/support/docview.wss?uid=swg21588100
xforce.iss.net/xforce/xfdb/73493
launchpad.net/bugs/cve/CVE-2012-0709
nvd.nist.gov/vuln/detail/CVE-2012-0709
security-tracker.debian.org/tracker/CVE-2012-0709
www.cve.org/CVERecord?id=CVE-2012-0709