VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-3475
db2: IBM DB2 9.7 before FP3 does not properly enforce pr...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3475

Original

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.

About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-09-20
Source Information Category: Advisory, Alert
Last Updated: 2010-09-21




Affected Product Tags
cpe:/a:ibm:db2:9.7
cpe:/a:ibm:db2:9.7.0.1
cpe:/a:ibm:db2:9.7.0.2
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
Medium
X Low

[Authentication]
Undefined
Multiple
X Single
None

[Confidentiality Impact]
Undefined
X None
Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
X None
Partial
Complete

Alternatives




References
AIXAPAR IC70406
BID 43291
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21446455
SECUNIA 41444
VUPEN ADV-2010-2425
Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)
XF ibm-db2-sql-security-bypass(61873)





Copyright © 2010 JPCERT/CC All Rights Reserved.