Summary
The host is running IBM DB2 and is prone to multiple security bypass vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass security restrictions.
Impact Level: Application.
Solution
Upgrade to IBM DB2 version 9.7 Fix Pack 3 or later: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaws are due to:
- An error in the application while revoking privileges on a database object from the 'PUBLIC' group, which does not mark the dependent functions as 'INVALID'.
- An error in the application while compiling a compound SQL statement with an 'update' statement, which can be exploited by an unprivileged user to execute the query from the dynamic SQL cache.
Affected
IBM DB2 versions prior to 9.7 Fix Pack 3
Severity
Classification
- CVE: CVE-2010-3474, CVE-2010-3475
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)