CVE-2009-4326Sensitive Information Exposure in IBM DB2

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 28.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedDec 16
Latest updateMay 3

Description

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/db29.5, 9.7+1

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-9wv8-7hgw-3pp2: The RAND scalar function in the Common Code Infrastructure component in IBM DB2 92022-05-03
CVEList
CVE-2009-4326: The RAND scalar function in the Common Code Infrastructure component in IBM DB2 92009-12-16
CVE-2009-4326 — Sensitive Information Exposure in IBM | cvebase