IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387 - | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390 - | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836 - | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21588100 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/73493 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004 - |
Information
Published : 2012-03-20 20:55
Updated : 2024-11-21 01:35
NVD link : CVE-2012-0709
Mitre link : CVE-2012-0709
CVE.ORG link : CVE-2012-0709
JSON object : View
Products Affected
ibm
- db2
CWE
CWE-20
Improper Input Validation