CVE-2009-1239 - OpenCVE

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2::fp6a::::::*
	cpe:2.3:a:ibm:db2:9.1:::::::*
	cpe:2.3:a:ibm:db2:9.1::connect_server:::::
	cpe:2.3:a:ibm:db2:9.1::enterprise_server:::::
	cpe:2.3:a:ibm:db2:9.1::express_server:::::
	cpe:2.3:a:ibm:db2:9.1::personal:::::
	cpe:2.3:a:ibm:db2:9.1::workgroup_server:::::
	cpe:2.3:a:ibm:db2:9.1:fp1::::::
	cpe:2.3:a:ibm:db2:9.1:fp1:unix:::::*
	cpe:2.3:a:ibm:db2:9.1:fp1:windows:::::*
	cpe:2.3:a:ibm:db2:9.1:fp2::::::
	cpe:2.3:a:ibm:db2:9.1:fp3::::::
	cpe:2.3:a:ibm:db2:9.1:fp3a::::::
	cpe:2.3:a:ibm:db2:9.1:fp4::::::
	cpe:2.3:a:ibm:db2:9.1:fp4a::::::
	cpe:2.3:a:ibm:db2:9.1:fp5::::::
	cpe:2.3:a:ibm:db2:9.1:fp6::::::

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886
http://www-01.ibm.com/support/docview.wss?uid=swg21381257
http://www.vupen.com/english/advisories/2009/0912
https://exchange.xforce.ibmcloud.com/vulnerabilities/49864

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-03T18:00:00

Updated: 2024-08-07T05:04:49.437Z

Reserved: 2009-04-03T00:00:00

Link: CVE-2009-1239

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-04-03T18:30:00.640

Modified: 2017-08-17T01:30:14.803

Link: CVE-2009-1239

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-01T00:00:00", "descriptions": [{"lang": "en", "value": "IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "db2-predicate-information-disclosure(49864)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864"}, {"name": "JR31886", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257"}, {"name": "ADV-2009-0912", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0912"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1239", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "db2-predicate-information-disclosure(49864)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864"}, {"name": "JR31886", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257"}, {"name": "ADV-2009-0912", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0912"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:04:49.437Z"}, "title": "CVE Program Container", "references": [{"name": "db2-predicate-information-disclosure(49864)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864"}, {"name": "JR31886", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257"}, {"name": "ADV-2009-0912", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0912"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1239", "datePublished": "2009-04-03T18:00:00", "dateReserved": "2009-04-03T00:00:00", "dateUpdated": "2024-08-07T05:04:49.437Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:*:fp6a:*:*:*:*:*:*", "matchCriteriaId": "90C0F24A-7D81-4A4B-8987-FEF3214AFB7E", "versionEndIncluding": "9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:*:connect_server:*:*:*:*:*", "matchCriteriaId": "7372EC03-10FD-4A90-801A-B7947436CE34", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "959E00AE-24A2-4890-A120-0EDEC401A2F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:*:express_server:*:*:*:*:*", "matchCriteriaId": "66CF4477-2D86-48D6-BD56-E09A01EA518F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:*:personal:*:*:*:*:*", "matchCriteriaId": "CE1F8C8D-DC4C-4401-9D83-BBCF9687035D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:*:workgroup_server:*:*:*:*:*", "matchCriteriaId": "C1C73916-C875-4137-A208-6AE5EEB1A94E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:unix:*:*:*:*:*", "matchCriteriaId": "AB624942-B12A-48B4-88F8-22261CBED995", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:windows:*:*:*:*:*", "matchCriteriaId": "C631A734-423E-4C76-8E1C-A4BB2974DA66", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query."}, {"lang": "es", "value": "IBM DB2 v9.1 anteriores a FP7 devuelve resultados incorrectos en ciertas situaciones relacionadas con la orden de aplicaci\u00f3n de una identificaci\u00f3n INNER JOIN y una identificaci\u00f3n OUTER JOIN, lo que permitir\u00eda a atacantes conseguir informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n manipulada."}], "id": "CVE-2009-1239", "lastModified": "2017-08-17T01:30:14.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-04-03T18:30:00.640", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0912"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}