CVE-2010-3475

high

Description

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609

https://exchange.xforce.ibmcloud.com/vulnerabilities/61873

http://www.vupen.com/english/advisories/2010/2425

http://www.securitytracker.com/id?1024458

http://www.securityfocus.com/bid/43291

http://www.ibm.com/support/docview.wss?uid=swg21446455

http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406

http://secunia.com/advisories/41444

http://osvdb.org/68122

Details

Source: Mitre, NVD

Published: 2010-09-20

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High