CVE-2017-1520

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
ibmdb2
9.7
ibmdb2
9.7.0.1
ibmdb2
9.7.0.2
ibmdb2
9.7.0.3
ibmdb2
9.7.0.4
ibmdb2
9.7.0.5
ibmdb2
9.7.0.6
ibmdb2
9.7.0.7
ibmdb2
9.7.0.8
ibmdb2
9.7.0.9
ibmdb2
9.7.0.9:a
ibmdb2
9.7.0.10
ibmdb2
9.7.0.11
ibmdb2
10.1
ibmdb2
10.1.0.1
ibmdb2
10.1.0.2
ibmdb2
10.1.0.3
ibmdb2
10.1.0.4
ibmdb2
10.1.0.5
ibmdb2
10.5
ibmdb2
10.5.0.1
ibmdb2
10.5.0.2
ibmdb2
10.5.0.3
ibmdb2
10.5.0.3:a
ibmdb2
10.5.0.4
ibmdb2
10.5.0.5
ibmdb2
10.5.0.6
ibmdb2
10.5.0.7
ibmdb2
11.1.0.0
ibmdb2_connect
9.7
ibmdb2_connect
9.7.0.1
ibmdb2_connect
9.7.0.2
ibmdb2_connect
9.7.0.3
ibmdb2_connect
9.7.0.4
ibmdb2_connect
9.7.0.5
ibmdb2_connect
9.7.0.6
ibmdb2_connect
9.7.0.7
ibmdb2_connect
9.7.0.8
ibmdb2_connect
9.7.0.9
ibmdb2_connect
9.7.0.10
ibmdb2_connect
9.7.0.11
ibmdb2_connect
10.1
ibmdb2_connect
10.1.0.1
ibmdb2_connect
10.1.0.2
ibmdb2_connect
10.1.0.3
ibmdb2_connect
10.1.0.4
ibmdb2_connect
10.1.0.5
ibmdb2_connect
10.5
ibmdb2_connect
10.5.0.1
ibmdb2_connect
10.5.0.2
ibmdb2_connect
10.5.0.3
ibmdb2_connect
10.5.0.4
ibmdb2_connect
10.5.0.5
ibmdb2_connect
10.5.0.6
ibmdb2_connect
10.5.0.7
ibmdb2_connect
11.1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg22007186
http://www.securityfocus.com/bid/100684
http://www.securitytracker.com/id/1039308
https://exchange.xforce.ibmcloud.com/vulnerabilities/129830
http://www.ibm.com/support/docview.wss?uid=swg22007186
http://www.securityfocus.com/bid/100684
http://www.securitytracker.com/id/1039308
https://exchange.xforce.ibmcloud.com/vulnerabilities/129830