CVE-2009-1239

🗓️ 03 Apr 2009 18:00:00Reported by mitreType

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, allowing attackers to obtain sensitive information via a crafted query

Reporter	Title	Published	Views	Family All 11
Tenable Nessus	IBM DB2 9.1 < 9.1 Fix Pack 7 Information Disclosure	18 Aug 200400:00	–	nessus
Tenable Nessus	IBM DB2 9.1 < Fix Pack 7 Multiple Vulnerabilities	22 Apr 200900:00	–	nessus
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	13 Apr 202120:46	–	ibm
Cvelist	CVE-2009-1239	3 Apr 200918:00	–	cvelist
EUVD	EUVD-2009-1238	7 Oct 202500:30	–	euvd
NVD	CVE-2009-1239	3 Apr 200918:30	–	nvd
OpenVAS	IBM Db2 Information Disclosure Vulnerability - Windows	11 May 200900:00	–	openvas
OpenVAS	IBM Db2 Information Disclosure Vulnerability - Linux	11 May 200900:00	–	openvas
OpenVAS	IBM DB2 Information Disclosure Vulnerability (Windows)	11 May 200900:00	–	openvas
OpenVAS	IBM DB2 Information Disclosure Vulnerability (Linux)	11 May 200900:00	–	openvas

NVD

Node

ibm db2Range≤9.1fp6a

ibm db2Match9.1

ibm db2Match9.1connect_server

ibm db2Match9.1enterprise_server

ibm db2Match9.1express_server

ibm db2Match9.1personal

ibm db2Match9.1workgroup_server

ibm db2Match9.1fp1

ibm db2Match9.1fp1unix

ibm db2Match9.1fp1windows

ibm db2Match9.1fp2

ibm db2Match9.1fp3

ibm db2Match9.1fp3a

ibm db2Match9.1fp4

ibm db2Match9.1fp4a

ibm db2Match9.1fp5

ibm db2Match9.1fp6

Source	Link
www-01	www.www-01.ibm.com/support/docview.wss
vupen	www.vupen.com/english/advisories/2009/0912
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/49864
www-01	www.www-01.ibm.com/support/docview.wss

23 Apr 2026 00:35Current

8.6High risk

Vulners AI Score8.6

CVSS 25

EPSS0.00301

CWE-200