OpenCVE

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2::fp9::::::*
	cpe:2.3:a:ibm:db2:9.1:::::::*
	cpe:2.3:a:ibm:db2:9.1:fp1::::::
	cpe:2.3:a:ibm:db2:9.1:fp2::::::
	cpe:2.3:a:ibm:db2:9.1:fp2a::::::
	cpe:2.3:a:ibm:db2:9.1:fp3::::::
	cpe:2.3:a:ibm:db2:9.1:fp3a::::::
	cpe:2.3:a:ibm:db2:9.1:fp4::::::
	cpe:2.3:a:ibm:db2:9.1:fp4a::::::
	cpe:2.3:a:ibm:db2:9.1:fp5::::::
	cpe:2.3:a:ibm:db2:9.1:fp6::::::
	cpe:2.3:a:ibm:db2:9.1:fp6a::::::
	cpe:2.3:a:ibm:db2:9.1:fp7::::::
	cpe:2.3:a:ibm:db2:9.1:fp7a::::::
	cpe:2.3:a:ibm:db2:9.1:fp8::::::

Configuration 2 [-]

OR	cpe:2.3:a:ibm:db2::fp6::::::*
	cpe:2.3:a:ibm:db2:9.5:::::::*
	cpe:2.3:a:ibm:db2:9.5:fp1::::::
	cpe:2.3:a:ibm:db2:9.5:fp2::::::
	cpe:2.3:a:ibm:db2:9.5:fp2a::::::
	cpe:2.3:a:ibm:db2:9.5:fp3::::::
	cpe:2.3:a:ibm:db2:9.5:fp3a::::::
	cpe:2.3:a:ibm:db2:9.5:fp3b::::::
	cpe:2.3:a:ibm:db2:9.5:fp4::::::
	cpe:2.3:a:ibm:db2:9.5:fp4a::::::
	cpe:2.3:a:ibm:db2:9.5:fp5::::::

Configuration 3 [-]

OR	cpe:2.3:a:ibm:db2::fp1::::::*
	cpe:2.3:a:ibm:db2:9.7:::::::*

No data.

References

Link	Providers
http://osvdb.org/70773
http://secunia.com/advisories/43148
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815
http://www.ibm.com/support/docview.wss?uid=swg1IC66811
http://www.ibm.com/support/docview.wss?uid=swg1IC66814
http://www.ibm.com/support/docview.wss?uid=swg1IC66815
http://www.ibm.com/support/docview.wss?uid=swg21426108
http://www.securityfocus.com/bid/46064
https://exchange.xforce.ibmcloud.com/vulnerabilities/65008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-02T22:00:00

Updated: 2024-08-06T22:05:53.424Z

Reserved: 2011-02-02T00:00:00

Link: CVE-2011-0757

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-02-02T23:00:33.457

Modified: 2024-11-21T01:24:46.533

Link: CVE-2011-0757

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object