CVE-2009-3471 — IBM DB2 vulnerability

7 documents4 sources

Severity

7.5HIGHNVD

NVD5.0

EPSS

0.8%

top 25.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedSep 29

Latest updateMay 17

Description

IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/db26 versions+5

🔴Vulnerability Details

GHSA

GHSA-84rv-5h5j-48fx: IBM DB2 9↗2022-05-17

▶

GHSA

GHSA-pq7c-3frg-72hg: IBM DB2 8 before FP18, 9↗2022-05-03

▶

CVEList

CVE-2010-3474: IBM DB2 9↗2010-09-20

▶

CVEList

CVE-2009-3471: IBM DB2 8 before FP18, 9↗2009-09-29

▶

💬Community

Bugzilla

CVE-2009-4124 ruby: Heap-based buffer overflow in the rb_str_justify() function↗2013-05-06

▶