CVE-2009-4333

Опубликовано: 16 дек. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.

Ссылки

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://secunia.com/advisories/37759
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Vendor Advisory
http://www.securityfocus.com/bid/37332
http://www.vupen.com/english/advisories/2009/3520
Vendor Advisory
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://secunia.com/advisories/37759
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Vendor Advisory
http://www.securityfocus.com/bid/37332
http://www.vupen.com/english/advisories/2009/3520
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*

cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00348

Низкий

7.5 High

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-hv8p-wh9f-g52v

github

почти 4 года назад