CVE-2010-3738

Name of the Vulnerable Software and Affected Versions IBM DB2 UDB 9.5 versions prior to FP6a

Description The issue allows remote authenticated users to execute Audit administration commands without being discovered, making it easier for them to perform certain actions. This is due to the Security component logging AUDIT events with a USERID and an AUTHID value corresponding to the instance owner, instead of the logged-in user account.

Recommendations For IBM DB2 UDB 9.5 versions prior to FP6a, update to FP6a or later to resolve the issue.