PT-2013-4803 · Ibm · Db2 Connect+1

Published

2013-08-28

Updated

2017-08-29

CVE-2013-4033

CVSS v2.0

4.6

Medium

Vector

AV:N/AC:H/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM DB2 and DB2 Connect versions 9.7 through FP8 IBM DB2 and DB2 Connect versions 9.8 through FP5 IBM DB2 and DB2 Connect versions 10.1 through FP2 IBM DB2 and DB2 Connect versions 10.5 through FP1

Description The issue allows remote authenticated users to execute DML statements by leveraging EXPLAIN authority.

Recommendations For versions 9.7 through FP8, update to a version after FP8 to resolve the issue. For versions 9.8 through FP5, update to a version after FP5 to resolve the issue. For versions 10.1 through FP2, update to a version after FP2 to resolve the issue. For versions 10.5 through FP1, update to a version after FP1 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-4033

Affected Products

Db2

Db2 Connect

PT-2013-4803 · Ibm · Db2 Connect+1

CVE-2013-4033

Weakness Enumeration

Related Identifiers

Affected Products

References · 7