CVE-2010-3734 — IBM DB2 vulnerability

CWE-2643 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 53.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedOct 5

Latest updateMay 17

Description

The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/db29.5

🔴Vulnerability Details

GHSA

GHSA-rh57-x6vr-mg4q: The Install component in IBM DB2 UDB 9↗2022-05-17

▶

CVEList

CVE-2010-3734: The Install component in IBM DB2 UDB 9↗2010-10-05

▶