CVE-2009-1905Improper Authentication in IBM DB2

CWE-287Improper Authentication3 documents3 sources
Severity
2.6LOWNVD
EPSS
0.5%
top 34.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedJun 3
Latest updateMay 3

Description

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

NVDibm/db28.0+4

Patches

Patch: ftp.software.ibm.comPatch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-fcjc-w42v-v5hp: The Common Code Infrastructure component in IBM DB2 8 before FP17, 92022-05-03
CVEList
CVE-2009-1905: The Common Code Infrastructure component in IBM DB2 8 before FP17, 92009-06-03
CVE-2009-1905 — Improper Authentication in IBM DB2 | cvebase