IBM DB2 9.7 < 9.7 Fix Pack 2 Multiple Vulnerabilities

Medium | Nessus Network Monitor Plugin ID 5556


The remote IBM DB2 database server is affected by multiple vulnerabilities.


Versions of IBM DB2 9.7 earlier than Fix Pack 2 are potentially affected by multiple vulnerabilities:

- If the database configuration parameter 'AUTO_REVAL' is set to 'IMMEDIATE', system-granted privileges are not regenerated. (IC67008)
- 'Monitor Administrative Views' available in the SYSIBMADM schema are publicly viewable. (IC67819)
- A weakness in the SSLv3/TLS protocol involving session renegotiation may allow an attacker to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks. (IC68055)
- By sending a specially crafted packet to the Tivoli Monitoring Agent (KUDDB2) listening on TCP port 6014, it may be possible to trigger a denial of service condition. (IC68762)


Upgrade to IBM DB2 9.7 Fix Pack 2 or higher.
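The following is an added example, not Tenable's plugin code or IBM's: an offline check that parses the text printed by `db2level` and `db2 get db cfg for <dbname>`, decides whether the instance falls in the 9.7 < Fix Pack 2 range described above, and flags the AUTO_REVAL=IMMEDIATE condition from IC67008. The two sample outputs are constructed and their line layout is an assumption about typical db2level / GET DB CFG formatting; the fix-pack fallback to the fourth version component is also an assumption.

```python
"""Offline check for the IBM DB2 9.7 < Fix Pack 2 findings on this page.

Added example; not Nessus/Tenable or IBM code. It parses text in the shape
of `db2level` and `db2 get db cfg` output (format assumed; samples below are
constructed) and reports whether the server is in the affected range and
whether AUTO_REVAL is IMMEDIATE.
"""
import re

# Constructed sample in the shape of `db2level` on a 9.7 Fix Pack 1 instance (assumed format).
SAMPLE_DB2LEVEL = (
    'DB21085I  This instance or install (instance name, where applicable: "db2inst1") '
    'uses "64" bits and DB2 code release "SQL09071" with level identifier "08020107".\n'
    'Informational tokens are "DB2 v9.7.0.1", "s091114", "IP23034", and Fix Pack "1".\n'
    'Product is installed at "/opt/ibm/db2/V9.7".\n'
)

# Constructed excerpt in the shape of `db2 get db cfg for <dbname>` output (assumed format).
SAMPLE_DB_CFG = (
    ' Database configuration release level                    = 0x0d00\n'
    ' Auto-revalidation                           (AUTO_REVAL) = IMMEDIATE\n'
    ' Default query optimization class         (DFT_QUERYOPT) = 5\n'
)

VERSION_RE = re.compile(r'"DB2 v(\d+)\.(\d+)\.(\d+)\.(\d+)"')
FIXPACK_RE = re.compile(r'Fix Pack "(\d+)"')
# DB CFG lines carry the parameter name in parentheses followed by "= value".
CFG_RE = re.compile(r'\((\w+)\)\s*=\s*(\S+)')


def parse_db2level(text):
    """Return (version_tuple, fixpack) from db2level output.

    Fix pack falls back to the fourth version component when the
    'Fix Pack "N"' token is absent (assumption about older/odd builds).
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no DB2 version token found in db2level output")
    version = tuple(int(x) for x in m.groups())
    fp = FIXPACK_RE.search(text)
    fixpack = int(fp.group(1)) if fp else version[3]
    return version, fixpack


def parse_db_cfg(text):
    """Map DB CFG parameter names (the token in parentheses) to their values."""
    return {name: value for name, value in CFG_RE.findall(text)}


def is_affected(version, fixpack):
    """True for 9.7 builds below Fix Pack 2, the range this plugin flags."""
    return version[:2] == (9, 7) and fixpack < 2


def assess(db2level_text, cfg_text):
    """Combine both parsers into a findings dict a scan report could consume."""
    version, fixpack = parse_db2level(db2level_text)
    cfg = parse_db_cfg(cfg_text)
    affected = is_affected(version, fixpack)
    findings = []
    if affected:
        findings.append("DB2 9.7 below Fix Pack 2: upgrade to Fix Pack 2 or later")
        if cfg.get("AUTO_REVAL", "").upper() == "IMMEDIATE":
            findings.append(
                "AUTO_REVAL=IMMEDIATE: system-granted privileges are not regenerated (IC67008)"
            )
    return {"version": version, "fixpack": fixpack, "affected": affected, "findings": findings}


if __name__ == "__main__":
    result = assess(SAMPLE_DB2LEVEL, SAMPLE_DB_CFG)
    print("version:", ".".join(map(str, result["version"])), "fixpack:", result["fixpack"])
    for line in result["findings"]:
        print(" -", line)
```

In practice, feed it the real output of `db2level` and `db2 get db cfg for <dbname>` captured on the host; the other two findings (the SYSIBMADM view grants and the KUDDB2 agent on TCP 6014) are not visible in these two commands and need a SYSCAT.TABAUTH query and a port check respectively.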

Plugin Details

Severity: Medium

ID: 5556

Family: Database

Published: 6/1/2010

Updated: 3/6/2019

Nessus ID: 46766

Risk Information


Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*

Patch Publication Date: 5/28/2010

Vulnerability Publication Date: 5/28/2010

Reference Information

CVE: CVE-2009-3555, CVE-2011-0757, CVE-2010-0472, CVE-2010-0462, CVE-2009-3471, CVE-2010-3193, CVE-2010-3194, CVE-2010-3195, CVE-2010-3196, CVE-2010-3197

BID: 36935, 36540, 37976, 40446, 38018

IAVA: 2011-A-0066