Lucene search

[email protected]CVE-2010-3738

HistoryOct 05, 2010 - 6:00 p.m.

CVE-2010-3738

2010-10-0518:00:33

CWE-264

[email protected]

web.nvd.nist.gov

ibm

db2

udb

9.5

fp6a

security

vulnerability

audit

remote authenticated users

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.

Affected configurations

NVD

Node

ibmdb2Match9.5

ibmdb2Match9.5fp1

ibmdb2Match9.5fp2

ibmdb2Match9.5fp2a

ibmdb2Match9.5fp3

ibmdb2Match9.5fp3a

ibmdb2Match9.5fp3b

ibmdb2Match9.5fp4

ibmdb2Match9.5fp4a

ibmdb2Match9.5fp5

CPENameOperatorVersion
ibm:db2ibm db2eq9.5

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.5

References

ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

www-01.ibm.com/support/docview.wss?uid=swg1IC65184

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for CVE-2010-3738

cvelist1 nvd1 prion1 openvas2 nessus1