CVE-2015-1922

LOW

Description

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526

http://www-01.ibm.com/support/docview.wss?uid=swg21959650

http://www.securityfocus.com/bid/75911

http://www.securitytracker.com/id/1032879

Details

Source: MITRE

Published: 2015-07-20

Updated: 2018-09-26

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 3.5

Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW