CVE-2010-3738IBM DB2 vulnerability

CWE-2643 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 52.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedOct 5
Latest updateMay 17

Description

The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/db29.5

🔴Vulnerability Details

2
GHSA
GHSA-3f39-gxh3-r25v: The Security component in IBM DB2 UDB 92022-05-17
CVEList
CVE-2010-3738: The Security component in IBM DB2 UDB 92010-10-05
CVE-2010-3738 — IBM DB2 vulnerability | cvebase