CVE-2012-0709

EPSS 0.34%
Published 20.03.2012 20:55:01
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Db2 Version9.5

Ibm ≫ Db2 Version9.5 Updatefp1

Ibm ≫ Db2 Version9.5 Updatefp2

Ibm ≫ Db2 Version9.5 Updatefp2a

Ibm ≫ Db2 Version9.5 Updatefp3

Ibm ≫ Db2 Version9.5 Updatefp3a

Ibm ≫ Db2 Version9.5 Updatefp3b

Ibm ≫ Db2 Version9.5 Updatefp4

Ibm ≫ Db2 Version9.5 Updatefp4a

Ibm ≫ Db2 Version9.5 Updatefp5

Ibm ≫ Db2 Version9.5 Updatefp6

Ibm ≫ Db2 Version9.5 Updatefp6a

Ibm ≫ Db2 Version9.5 Updatefp7

Ibm ≫ Db2 Version9.5 Updatefp8

Ibm ≫ Db2 Version9.7

Ibm ≫ Db2 Version9.7 Updatefp1

Ibm ≫ Db2 Version9.7 Updatefp2

Ibm ≫ Db2 Version9.7 Updatefp3

Ibm ≫ Db2 Version9.7 Updatefp3a

Ibm ≫ Db2 Version9.7 Updatefp4

Ibm ≫ Db2 Version9.7 Updatefp5

Ibm ≫ Db2 Version9.8

Ibm ≫ Db2 Version9.8 Updatefp3

Ibm ≫ Db2 Version9.8 Updatefp4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.535

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387

http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390

http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836

http://www-01.ibm.com/support/docview.wss?uid=swg21588100

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/73493

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004

https://nvd.nist.gov/vuln/detail/CVE-2012-0709

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0709

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0709

EUVD