CVE-2010-3194

high

Description

The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.

References

ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

http://secunia.com/advisories/41218

http://www.vupen.com/english/advisories/2010/2225

http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749

http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756

http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762

http://www-01.ibm.com/support/docview.wss?uid=swg21426108

http://www-01.ibm.com/support/docview.wss?uid=swg21432298

https://exchange.xforce.ibmcloud.com/vulnerabilities/61445

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13841

Details

Source: MITRE

Published: 2010-08-31

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH