- Description
- IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D"
},
{
"criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE"
}
],
"operator": "OR"
}
]
}
]