Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2011-1846
Last Modified 26 Jan 2012 10:59:53
Published 03 May 2011 04:55:12
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1846

Summary

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • IBM DB2 9.5

  • IBM DB2 9.7


References

XF - db2-data-services-sec-bypass(66980)

VUPEN - ADV-2011-1083

BID - 47525

AIXAPAR - IC71375

AIXAPAR - IC71263

CONFIRM - http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71375

CONFIRM - http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71263

SECUNIA - 44229


Last Updated: 27 May 2016 10:56:49