CVE-2009-4326
Published Dec 16, 2009
Last updated 14 years ago
Overview
- Description
- The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05"
}
],
"operator": "OR"
}
]
}
]