4

CVE-2010-3475

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Version9.7
IbmDb2 Version9.7.0.1
IbmDb2 Version9.7.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.84% 0.848
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/41444
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21446455
http://www.securityfocus.com/bid/43291
http://www.vupen.com/english/advisories/2010/2425
Vendor Advisory
http://osvdb.org/68122
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406
http://www.securitytracker.com/id?1024458
https://exchange.xforce.ibmcloud.com/vulnerabilities/61873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609