IBM DB2 9.7 < 9.7 Fix Pack 4 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5896


The remote IBM DB2 database server is affected by multiple vulnerabilities.


Versions of IBM DB2 9.7 earlier than Fix Pack 4 are potentially affected by multiple vulnerabilities :

- It may be possible for users to updates statistics for tables without appropriate privileges. (IC72119)
- Users continue to have privilege to execute a non-DDL statement after role membership has been revoked from its group. (IC71375)


Upgrade to IBM DB2 9.7 Fix Pack 4 or higher.

See Also

Plugin Details

Severity: Medium

ID: 5896

File Name: 5896.prm

Family: Database

Published: 2011/04/22

Modified: 2016/10/18

Dependencies: 9531

Nessus ID: 53547

Risk Information

Risk Factor: Medium


Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 4.6


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2011/04/20

Vulnerability Publication Date: 2011/04/20

Reference Information

CVE: CVE-2011-1846, CVE-2011-1847

BID: 47525