6.5

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Version9.1 Updatefp1
IbmDb2 Version9.1 Updatefp2
IbmDb2 Version9.1 Updatefp3
IbmDb2 Version9.1 Updatefp3a
IbmDb2 Version9.1 Updatefp4
IbmDb2 Version9.1 Updatefp4a
IbmDb2 Version9.1 Updatefp5
IbmDb2 Version9.1 Updatefp6
IbmDb2 Version9.1 Updatefp6a
IbmDb2 Version9.1 Updatefp7
IbmDb2 Version9.5 Updatefp1
IbmDb2 Version9.5 Updatefp2
IbmDb2 Version9.5 Updatefp2a
IbmDb2 Version9.5 Updatefp3
IbmDb2 Version9.5 Updatefp3a
IbmDb2 Version9.5 Updatefp3b
IbmDb2 Version9.5 Updatefp4
IbmDb2 Version9.5 Updatefp4a
IbmDb2 Version9.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.57% 0.721
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Patch
http://secunia.com/advisories/37759
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Vendor Advisory
http://www.securityfocus.com/bid/37332
http://www.vupen.com/english/advisories/2009/3520
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852
Vendor Advisory