IBM DB2 9.1 < 9.1 Fix Pack 7 Information Disclosure

medium Nessus Network Monitor Plugin ID 5006

Synopsis

The remote IBM DB2 database server is affected by an information disclosure vulnerability.

Description

According to its version, the installed IBM DB2 server is older than 9.1 Fix Pack 7. Such versions are reportedly affected by an information disclosure vulnerability. Specifically, in certain situations an INNER JOIN predicate is applied before the OUTER JOIN predicate, which could result in disclosure of sensitive information (JR31886).

Solution

Apply IBM DB2 Version 9.1 Fix Pack 7 or higher.

See Also

http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21255607#7

http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683

http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886

Plugin Details

Severity: Medium

ID: 5006

Family: Database

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 36216

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Reference Information

CVE: CVE-2009-1239

BID: 34650