CVE-2010-3475
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
7.2 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
65.8%
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.
Affected configurations
References
osvdb.org/68122
secunia.com/advisories/41444
www-01.ibm.com/support/docview.wss?uid=swg1IC70406
www.ibm.com/support/docview.wss?uid=swg21446455
www.securityfocus.com/bid/43291
www.securitytracker.com/id?1024458
www.vupen.com/english/advisories/2010/2425
exchange.xforce.ibmcloud.com/vulnerabilities/61873
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
7.2 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
65.8%