CVE-2010-3733IBM DB2 vulnerability

CWE-2644 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 87.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedOct 5
Latest updateMay 17

Description

The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDibm/db29.5

🔴Vulnerability Details

2
GHSA
GHSA-882r-vmg6-cv26: The Engine Utilities component in IBM DB2 UDB 92022-05-17
CVEList
CVE-2010-3733: The Engine Utilities component in IBM DB2 UDB 92010-10-05

💥Exploits & PoCs

1
Exploit-DB
VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal2009-10-27
CVE-2010-3733 — IBM DB2 vulnerability | cvebase