6 matches found
Security Bulletin: Unauthorized Access to Table Vulnerability in DB2 (CVE-2013-4033)
Abstract A vulnerability in IBM DB2 could allow an authenticated user holding EXPLAIN authority to temporarily gain SELECT, INSERT, UPDATE or DELETE privilege on a table. Content VULNERABILITY DETAILS CVE ID: CVE-2013-4033 DESCRIPTION: The IBM DB2 products listed below contain a security...
Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000, and D5100 and IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700 and 7710 are affected by an unauthorized access to table vulnerability in IBM DB2 (CVE-2013-4033)
Abstract A vulnerability in IBM DB2 for Linux, UNIX, and Windows could allow an authenticated user holding EXPLAIN authority to temporarily gain SELECT, INSERT, UPDATE or DELETE privilege on a table. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-4033 IBM InfoSphere Balanced Warehouse C3000,...
IBM DB2 10.1 < Fix Pack 3 Multiple Vulnerabilities (credentialed check)
According to its version, the installation of IBM DB2 10.1 on the remote host is affected by the following vulnerabilities : - When a multi-node configuration is used, an error exists in the Fast Communications Manager FCM that could allow denial of service attacks. CVE-2013-4032 / IC94434 - An...
IBM DB2 10.5 < Fix Pack 1 Security Bypass
According to its version, the installation of IBM DB2 10.5 running on the remote host is affected by a security bypass vulnerability. An unspecified error exists that can allow an attacker to gain SELECT, INSERT, UPDATE, or DELETE permissions to database tables. Note that successful exploitation...
IBM Db2 DML Statement Execution Remote Privilege Escalation Vulnerability
IBM Db2 is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2"; ifdescription...
CVE-2013-4033
CVE-2013-4033 affects IBM DB2 and DB2 Connect (versions 9.7 FP8, 9.8 FP5, 10.1 FP2, 10.5 FP1). An authenticated user with EXPLAIN authority can temporarily gain SELECT/INSERT/UPDATE/DELETE on a table without DATAACCESS authority, by exploiting EXPLAIN-related privileges. IBM security notices list...