PT-2011-3407 · Ibm · Ibm Db2
Published
2011-05-03
·
Updated
2017-09-19
·
CVE-2011-1846
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM DB2 versions 9.5 before FP7
IBM DB2 versions 9.7 before FP4
Description
The issue is related to the improper revocation of role membership from groups, allowing remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role.
Recommendations
For IBM DB2 version 9.5, update to FP7 or later to resolve the issue.
For IBM DB2 version 9.7, update to FP4 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2