CVE-2012-0709 — Improper Input Validation in IBM DB2

CWE-20 — Improper Input Validation3 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.3%
top 43.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedMar 20
Latest updateMay 17

Description

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDibm/db29.5, 9.7, 9.8+2

🔴Vulnerability Details

2
GHSA
GHSA-6p4f-hxhf-9w35: IBM DB2 9↗2022-05-17
â–¶
CVEList
CVE-2012-0709: IBM DB2 9↗2012-03-20
â–¶
CVE-2012-0709 — Improper Input Validation in IBM DB2 | cvebase