PT-2013-4803 · Ibm · Db2 Connect+1

Publicado

2013-08-28

Atualizado

2017-08-29

CVE-2013-4033

CVSS v2.0

4.6

Média

Vetor

AV:N/AC:H/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM DB2 and DB2 Connect versions 9.7 through FP8 IBM DB2 and DB2 Connect versions 9.8 through FP5 IBM DB2 and DB2 Connect versions 10.1 through FP2 IBM DB2 and DB2 Connect versions 10.5 through FP1

Description The issue allows remote authenticated users to execute DML statements by leveraging EXPLAIN authority.

Recommendations For versions 9.7 through FP8, update to a version after FP8 to resolve the issue. For versions 9.8 through FP5, update to a version after FP5 to resolve the issue. For versions 10.1 through FP2, update to a version after FP2 to resolve the issue. For versions 10.5 through FP1, update to a version after FP1 to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2013-4033

Produtos afetados

Db2

Db2 Connect

PT-2013-4803 · Ibm · Db2 Connect+1

CVE-2013-4033

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7