CVE-2009-4333
Published Dec 16, 2009
Last updated 14 years ago
Overview
- Description
- The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123"
}
],
"operator": "OR"
}
]
}
]