CVE-2010-3739 - OpenCVE

The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2 Universal Database

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2_universal_database::fp6::::::*
	cpe:2.3:a:ibm:db2_universal_database:9.5:::::::*
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp1::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp2::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp2a::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp3::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp3a::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp3b::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp4::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp4a::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp5::::::

No data.

References

Link	Providers
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-10-05T17:00:00Z

Updated: 2024-09-16T17:14:29.509Z

Reserved: 2010-10-05T00:00:00Z

Link: CVE-2010-3739

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-10-05T18:00:33.487

Modified: 2010-10-06T04:00:00.000

Link: CVE-2010-3739

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-10-05T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "JR34218", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3739", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JR34218", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218"}, {"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:18:53.198Z"}, "title": "CVE Program Container", "references": [{"name": "JR34218", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3739", "datePublished": "2010-10-05T17:00:00Z", "dateReserved": "2010-10-05T00:00:00Z", "dateUpdated": "2024-09-16T17:14:29.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_universal_database:*:fp6:*:*:*:*:*:*", "matchCriteriaId": "1981C2E5-E186-48A7-B977-7FB8A7DBB6EE", "versionEndIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "F01421A6-B4B4-4F86-87D3-B11AEC1258CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "5B561679-68AF-4586-919A-83D47195F9FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D66FF5FC-E01A-4DE9-B344-FA20941C806B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "430BE300-8260-4966-A282-B69C67B6511C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "83FB7558-610A-4218-A347-74E1BF4509CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "DCA815B1-EF9D-4F43-A51E-2E808FE124C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "F4EB46DD-C3DF-4509-9B2E-AFEF7F3EA0D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "ECF24F65-D158-4627-8E0C-C700CCF803D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "0445F99B-1AC4-43CE-85EF-7F0BC1AA093D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "61533220-2A4F-4BEE-A6BA-27AF0CB2998E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery."}, {"lang": "es", "value": "La caracter\u00edstica de auditor\u00eda en el componente de seguridad de IBM DB2 UDB v9.5 antes de FP6a utiliza la configuraci\u00f3n de auditor\u00eda a nivel de instancia para capturar los eventos de conexi\u00f3n (tambi\u00e9n conocidos como CONNECT y AUTHENTICATION) en determinadas circunstancias, lo que podr\u00eda hacer m\u00e1s f\u00e1cil a atacantes remotos a la hora de conectarse sin ser descubiertos."}], "id": "CVE-2010-3739", "lastModified": "2010-10-06T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-05T18:00:33.487", "references": [{"source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}