Lucene search

[email protected]CVE-2010-3474

HistorySep 20, 2010 - 10:00 p.m.

CVE-2010-3474

2010-09-2022:00:04

CWE-264

[email protected]

web.nvd.nist.gov

ibm

db2

9.7

security

vulnerability

access restrictions

nvd

cve-2010-3474

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions’ owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.

Affected configurations

NVD

Node

ibmdb2Match9.7

ibmdb2Match9.7.0.1

ibmdb2Match9.7.0.2

CPENameOperatorVersion
ibm:db2ibm db2eq9.7
ibm:db2ibm db2eq9.7.0.1
ibm:db2ibm db2eq9.7.0.2

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.7
ibm:db2	ibm db2	eq	9.7.0.1
ibm:db2	ibm db2	eq	9.7.0.2

References

osvdb.org/68121

secunia.com/advisories/41444

www-01.ibm.com/support/docview.wss?uid=swg1IC68015

www.ibm.com/support/docview.wss?uid=swg21446455

www.securityfocus.com/bid/43291

www.securitytracker.com/id?1024457

www.vupen.com/english/advisories/2010/2425

exchange.xforce.ibmcloud.com/vulnerabilities/61872

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2010-3474

prion2 cvelist2 nvd2 openvas6 nessus6 cve1