PT-2009-4365 · Ibm · Ibm Db2

Published

2009-06-03

Updated

2017-08-17

CVE-2009-1905

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM DB2 versions 8.0 through 8.0 FP16 IBM DB2 versions 9.1 through 9.1 FP6 IBM DB2 versions 9.5 through 9.5 FP3

Description: The issue allows remote attackers to bypass password authentication and establish a database connection when LDAP security and anonymous bind are enabled.

Recommendations: For IBM DB2 version 8, update to FP17 or later. For IBM DB2 version 9.1, update to FP7 or later. For IBM DB2 version 9.5, update to FP4 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-1905

Affected Products

Ibm Db2

PT-2009-4365 · Ibm · Ibm Db2

CVE-2009-1905

Weakness Enumeration

Related Identifiers

Affected Products

References · 14