CVE-2007-4417

3 documents3 sources

Severity

6.0MEDIUM

EPSS

1.2%

top 21.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedAug 18

Latest updateMay 1

Description

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/db2_universal_database8.0+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-q23q-ghm4-c2r9: IBM DB2 UDB 8 before Fixpak 15 and 9↗2022-05-01

▶

CVEList

CVE-2007-4417: IBM DB2 UDB 8 before Fixpak 15 and 9↗2007-08-18

▶