CVE-2010-3475

EUVD-2010-3473
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
ibmdb2
9.7
ibmdb2
9.7.0.1
ibmdb2
9.7.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/68122
http://secunia.com/advisories/41444
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406
http://www.ibm.com/support/docview.wss?uid=swg21446455
http://www.securityfocus.com/bid/43291
http://www.securitytracker.com/id?1024458
http://www.vupen.com/english/advisories/2010/2425
https://exchange.xforce.ibmcloud.com/vulnerabilities/61873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609
http://osvdb.org/68122
http://secunia.com/advisories/41444
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406
http://www.ibm.com/support/docview.wss?uid=swg21446455
http://www.securityfocus.com/bid/43291
http://www.securitytracker.com/id?1024458
http://www.vupen.com/english/advisories/2010/2425
https://exchange.xforce.ibmcloud.com/vulnerabilities/61873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609