4
CVE-2010-3475
- EPSS 2.84%
- Veröffentlicht 20.09.2010 22:00:04
- Zuletzt bearbeitet 16.06.2026 23:22:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.84% | 0.848 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
http://secunia.com/advisories/41444
http://www.ibm.com/support/docview.wss?uid=swg21446455
http://www.securityfocus.com/bid/43291
http://www.vupen.com/english/advisories/2010/2425
http://osvdb.org/68122
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406
http://www.securitytracker.com/id?1024458
https://exchange.xforce.ibmcloud.com/vulnerabilities/61873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609