CVE-2009-3473 - IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATI

CVE-2009-3473

Summary

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.

References

Vulnerable Configurations

cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-09-2013 - 05:59)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

aixapar	IZ55883
bid	36540
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21403619
osvdb	58479
secunia	36890

Last major update

11-09-2013 - 05:59

Published

29-09-2009 - 21:30

Last modified

11-09-2013 - 05:59