Lucene search

[email protected]CVE-2011-1846

HistoryMay 03, 2011 - 8:55 p.m.

CVE-2011-1846

2011-05-0320:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-1846

ibm db2

security vulnerability

role membership

non-ddl statements

9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.2%

JSON

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
ibm:db2ibm db2eq9.5
ibm:db2ibm db2eq9.7

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.5
ibm:db2	ibm db2	eq	9.7

References

secunia.com/advisories/44229

www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71263

www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71375

www-01.ibm.com/support/docview.wss?uid=swg1IC71263

www-01.ibm.com/support/docview.wss?uid=swg1IC71375

www.securityfocus.com/bid/47525

www.vupen.com/english/advisories/2011/1083

exchange.xforce.ibmcloud.com/vulnerabilities/66980

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688

9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2011-1846

prion2 nessus4 openvas4 ibm2 cve1