CVE-2009-3473

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
ibmdb2
9.1:fp1
ibmdb2
9.1:fp2
ibmdb2
9.1:fp3
ibmdb2
9.1:fp4
ibmdb2
9.1:fp5
ibmdb2
9.1:fp6
ibmdb2
9.1:fp7
𝑥
= Vulnerable software versions
References
http://osvdb.org/58479
http://secunia.com/advisories/36890
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883
http://www-01.ibm.com/support/docview.wss?uid=swg21403619
http://www.securityfocus.com/bid/36540
http://osvdb.org/58479
http://secunia.com/advisories/36890
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883
http://www-01.ibm.com/support/docview.wss?uid=swg21403619
http://www.securityfocus.com/bid/36540