CVE-2010-3739

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.4MEDIUM

EPSS

0.2%

top 52.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedOct 5

Latest updateMay 17

Description

The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDibm/db2_universal_database9.5+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-grgh-7h4m-hpfr: The audit facility in the Security component in IBM DB2 UDB 9↗2022-05-17

▶

CVEList

CVE-2010-3739: The audit facility in the Security component in IBM DB2 UDB 9↗2010-10-05

▶