DB2 10.5 < Fix Pack 1 Security Bypass

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by a security bypass
vulnerability.

Description :

According to its version, the installation of DB2 10.5 on the remote
host is affected by a security bypass vulnerability.

An unspecified error exists that can allow an attacker to gain SELECT,
INSERT, UPDATE, or DELETE permissions to database tables.

Note that successful exploitation requires the attacker to hold
EXPLAIN, SQLADM, or DBADM rights.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21646809
http://www-01.ibm.com/support/docview.wss?uid=swg24035569

Solution :

Apply DB2 Version 10.5 Fix Pack 1 or later.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 69800

Bugtraq ID: 62018

CVE ID: CVE-2013-4033