4.3
CVE-2017-1520
- EPSS 1.31%
- Veröffentlicht 12.09.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Db2 Connect Version9.7
Ibm ≫ Db2 Connect Version9.7.0.1
Ibm ≫ Db2 Connect Version9.7.0.2
Ibm ≫ Db2 Connect Version9.7.0.3
Ibm ≫ Db2 Connect Version9.7.0.4
Ibm ≫ Db2 Connect Version9.7.0.5
Ibm ≫ Db2 Connect Version9.7.0.6
Ibm ≫ Db2 Connect Version9.7.0.7
Ibm ≫ Db2 Connect Version9.7.0.8
Ibm ≫ Db2 Connect Version9.7.0.9
Ibm ≫ Db2 Connect Version9.7.0.10
Ibm ≫ Db2 Connect Version9.7.0.11
Ibm ≫ Db2 Connect Version10.1
Ibm ≫ Db2 Connect Version10.1.0.1
Ibm ≫ Db2 Connect Version10.1.0.2
Ibm ≫ Db2 Connect Version10.1.0.3
Ibm ≫ Db2 Connect Version10.1.0.4
Ibm ≫ Db2 Connect Version10.1.0.5
Ibm ≫ Db2 Connect Version10.5
Ibm ≫ Db2 Connect Version10.5.0.1
Ibm ≫ Db2 Connect Version10.5.0.2
Ibm ≫ Db2 Connect Version10.5.0.3
Ibm ≫ Db2 Connect Version10.5.0.4
Ibm ≫ Db2 Connect Version10.5.0.5
Ibm ≫ Db2 Connect Version10.5.0.6
Ibm ≫ Db2 Connect Version10.5.0.7
Ibm ≫ Db2 Connect Version11.1.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.668 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 2.2 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://www.ibm.com/support/docview.wss?uid=swg22007186
http://www.securityfocus.com/bid/100684
http://www.securitytracker.com/id/1039308
https://exchange.xforce.ibmcloud.com/vulnerabilities/129830