CVE-2015-1922

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.7 through FP10 IBM DB2 versions 9.8 through FP5 IBM DB2 version 10.1 before FP5 IBM DB2 versions 10.5 through FP5

Description The issue is related to the Data Movement implementation in IBM DB2, which has inadequate access control. This allows remote authenticated users to bypass intended access restrictions. As a result, an attacker can delete table rows via unspecified vectors. The vulnerability can be exploited by a remote attacker to bypass existing access restrictions and delete arbitrary table rows.

Recommendations For IBM DB2 versions 9.7 through FP10, update to a version after FP10 to resolve the issue. For IBM DB2 versions 9.8 through FP5, update to a version after FP5 to resolve the issue. For IBM DB2 version 10.1 before FP5, update to FP5 or later to resolve the issue. For IBM DB2 versions 10.5 through FP5, update to a version after FP5 to resolve the issue.