CVE-2011-1846
03.05.2011, 20:55
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ibm | db2 | 𝑥 ≤ 9.5 |
| ibm | db2 | 9.5 |
| ibm | db2 | 9.5:fp1 |
| ibm | db2 | 9.5:fp2 |
| ibm | db2 | 9.5:fp2a |
| ibm | db2 | 9.5:fp3 |
| ibm | db2 | 9.5:fp3a |
| ibm | db2 | 9.5:fp3b |
| ibm | db2 | 9.5:fp4 |
| ibm | db2 | 9.5:fp4a |
| ibm | db2 | 9.5:fp5 |
| ibm | db2 | 9.5:fp6 |
| ibm | db2 | 𝑥 ≤ 9.7 |
| ibm | db2 | 9.7 |
| ibm | db2 | 9.7:fp1 |
| ibm | db2 | 9.7:fp2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References