IBM DB2 9.1 < 9.1 Fix Pack 7 Information Disclosure

Medium Nessus Network Monitor Plugin ID 5006

Synopsis

The remote IBM DB2 database server is affected by an information disclosure vulnerability.

Description

According to its reported version, the installed IBM DB2 server is older than 9.1 Fix Pack 7. Such versions are reportedly affected by an information disclosure vulnerability. Specifically, in certain situations an INNER JOIN predicate is applied before the OUTER JOIN predicate, which could result in disclosure of sensitive information (JR31886).

Solution

Apply IBM DB2 Version 9.1 Fix Pack 7 or higher.

See Also

http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21255607#7

http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683

http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886

Plugin Details

Severity: Medium

ID: 5006

File Name: 5006.prm

Family: Database

Published: 2004/08/18

Modified: 2016/10/18

Dependencies: 9531

Nessus ID: 36216

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2009-1239

BID: 34650