CVE-2009-3473

EUVD-2009-3455
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
ibmdb2
9.1:fp1
ibmdb2
9.1:fp2
ibmdb2
9.1:fp3
ibmdb2
9.1:fp4
ibmdb2
9.1:fp5
ibmdb2
9.1:fp6
ibmdb2
9.1:fp7
𝑥
= Vulnerable software versions
References
http://osvdb.org/58479
http://secunia.com/advisories/36890
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883
http://www-01.ibm.com/support/docview.wss?uid=swg21403619
http://www.securityfocus.com/bid/36540
http://osvdb.org/58479
http://secunia.com/advisories/36890
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883
http://www-01.ibm.com/support/docview.wss?uid=swg21403619
http://www.securityfocus.com/bid/36540