4

CVE-2010-3475

EPSS 1.05%
Published 20.09.2010 22:00:04
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Db2 Version9.7

Ibm ≫ Db2 Version9.7.0.1

Ibm ≫ Db2 Version9.7.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.05%	0.755

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

http://secunia.com/advisories/41444

Vendor Advisory

http://www.ibm.com/support/docview.wss?uid=swg21446455

http://www.securityfocus.com/bid/43291

http://www.vupen.com/english/advisories/2010/2425

Vendor Advisory

http://osvdb.org/68122

http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406

http://www.securitytracker.com/id?1024458

https://exchange.xforce.ibmcloud.com/vulnerabilities/61873

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609

https://nvd.nist.gov/vuln/detail/CVE-2010-3475

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3475

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3475

EUVD