Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0709

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-0709
Last Modified 13 Aug 2012 11:34:40
Published 20 Mar 2012 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-0709

Summary

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.

Vulnerable Systems

Application

  • Ibm Db2 9.5

  • Ibm Db2 9.7

  • Ibm Db2 9.8


References

XF - db2-createvariable-security-bypass(73493)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21588100

AIXAPAR - IC81836

AIXAPAR - IC81390

AIXAPAR - IC81387


Last Updated: 27 May 2016 10:49:34