Описание
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.5 (включая)
Одно из
cpe:2.3:a:ibm:db2:*:fp6a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*
Конфигурация 2Версия до 9.7 (включая)
Одно из
cpe:2.3:a:ibm:db2:*:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01241
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
EPSS
Процентиль: 79%
0.01241
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-264