PT-2009-6559 · Ibm · Ibm Db2
Published
2009-12-28
·
Updated
2010-06-29
·
CVE-2009-4438
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM DB2 versions 9.1 before FP8
IBM DB2 versions 9.5 before FP5
IBM DB2 versions 9.7 before FP1
Description
The issue concerns the Query Compiler, Rewrite, and Optimizer component, which fails to enforce privilege requirements for access to sequence or global-variable objects. This allows remote authenticated users to access data via unspecified vectors.
Recommendations
For IBM DB2 version 9.1, update to at least FP8 to resolve the issue.
For IBM DB2 version 9.5, update to at least FP5 to resolve the issue.
For IBM DB2 version 9.7, update to at least FP1 to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2