Lucene search

K

Ubuntu.comUB:CVE-2012-0709

HistoryMar 20, 2012 - 12:00 a.m.

CVE-2012-0709

2012-03-2000:00:00

ubuntu.com

ubuntu.com

6

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

82.2%

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not
properly check variables, which allows remote authenticated users to bypass
intended restrictions on viewing table data by leveraging the CREATEIN
privilege to execute crafted SQL CREATE VARIABLE statements.

Notes

Author	Note
jdstrand	no fix available for 9.7, but there is a mitigation. See IBM support documentation.

References

www-01.ibm.com/support/docview.wss?uid=swg1IC81387

www-01.ibm.com/support/docview.wss?uid=swg1IC81390

www-01.ibm.com/support/docview.wss?uid=swg1IC81836

www-01.ibm.com/support/docview.wss?uid=swg21588100

xforce.iss.net/xforce/xfdb/73493

launchpad.net/bugs/cve/CVE-2012-0709

nvd.nist.gov/vuln/detail/CVE-2012-0709

security-tracker.debian.org/tracker/CVE-2012-0709

www.cve.org/CVERecord?id=CVE-2012-0709

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

82.2%

Related for UB:CVE-2012-0709

nvd1 ibm1 cvelist1 prion1 cve1 openvas2 nessus2