CVE-2009-4438

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.1 before FP8 IBM DB2 versions 9.5 before FP5 IBM DB2 versions 9.7 before FP1

Description The issue concerns the Query Compiler, Rewrite, and Optimizer component, which fails to enforce privilege requirements for access to sequence or global-variable objects. This allows remote authenticated users to access data via unspecified vectors.

Recommendations For IBM DB2 version 9.1, update to at least FP8 to resolve the issue. For IBM DB2 version 9.5, update to at least FP5 to resolve the issue. For IBM DB2 version 9.7, update to at least FP1 to resolve the issue.