IBM DB2 Multiple Security Bypass Vulnerabilities (May-11)

Information

Severity

Medium

Family

Databases

CVSSv2 Base

6.5

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

11 years ago

Modified

3 years ago

Summary

The host is running IBM DB2 and is prone to multiple security bypass vulnerabilities.

Insight

Multiple flaws are due to:
- An access validation error which could allow users to update statistics for tables without appropriate privileges.
- An error when revoking role memberships, which could result in a user continuing to have privileges to execute a non-DDL statement after role membership has been revoked from its group.

Affected Software

- IBM DB2 versions prior to 9.5 Fix Pack 7
- IBM DB2 versions prior to 9.7 Fix Pack 4

Solution

Update DB2 to 9.5 Fix Pack 7, or 9.7 Fix Pack 4.

Common Vulnerabilities and Exposures (CVE)