4
CVE-2012-0709
- EPSS 1.83%
- Veröffentlicht 20.03.2012 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:06
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.83% | 0.761 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836
http://www-01.ibm.com/support/docview.wss?uid=swg21588100
https://exchange.xforce.ibmcloud.com/vulnerabilities/73493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004