CVE-2011-1847

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
ibmdb2
𝑥
≤ 9.5
ibmdb2
9.5
ibmdb2
9.5:fp1
ibmdb2
9.5:fp2
ibmdb2
9.5:fp2a
ibmdb2
9.5:fp3
ibmdb2
9.5:fp3a
ibmdb2
9.5:fp3b
ibmdb2
9.5:fp4
ibmdb2
9.5:fp4a
ibmdb2
9.5:fp5
ibmdb2
9.5:fp6
ibmdb2
𝑥
≤ 9.7
ibmdb2
9.7
ibmdb2
9.7:fp1
ibmdb2
9.7:fp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/44229
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119
http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413
http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119
http://www.securityfocus.com/bid/47525
http://www.vupen.com/english/advisories/2011/1083
https://exchange.xforce.ibmcloud.com/vulnerabilities/66979
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122
http://secunia.com/advisories/44229
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119
http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413
http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119
http://www.securityfocus.com/bid/47525
http://www.vupen.com/english/advisories/2011/1083
https://exchange.xforce.ibmcloud.com/vulnerabilities/66979
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122