PT-2010-5032 · Ibm · Ibm Db2 Udb

Published

2010-10-05

Updated

2017-09-19

CVE-2010-3738

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM DB2 UDB 9.5 versions prior to FP6a

Description The issue allows remote authenticated users to execute Audit administration commands without being discovered, making it easier for them to perform certain actions. This is due to the Security component logging AUDIT events with a USERID and an AUTHID value corresponding to the instance owner, instead of the logged-in user account.

Recommendations For IBM DB2 UDB 9.5 versions prior to FP6a, update to FP6a or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-3738

Affected Products

Ibm Db2 Udb

PT-2010-5032 · Ibm · Ibm Db2 Udb

CVE-2010-3738

Weakness Enumeration

Related Identifiers

Affected Products

References · 4