CVE-2010-3739

The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
ibmdb2_universal_database
𝑥
≤ 9.5
ibmdb2_universal_database
9.5
ibmdb2_universal_database
9.5:fp1
ibmdb2_universal_database
9.5:fp2
ibmdb2_universal_database
9.5:fp2a
ibmdb2_universal_database
9.5:fp3
ibmdb2_universal_database
9.5:fp3a
ibmdb2_universal_database
9.5:fp3b
ibmdb2_universal_database
9.5:fp4
ibmdb2_universal_database
9.5:fp4a
ibmdb2_universal_database
9.5:fp5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218