CVE-2015-1922Improper Access Control in IBM DB2

CWE-284Improper Access Control3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 54.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedJul 20
Latest updateMay 14

Description

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDibm/db24 versions+3

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-9hgv-73cv-626v: The Data Movement implementation in IBM DB2 92022-05-14
CVEList
CVE-2015-1922: The Data Movement implementation in IBM DB2 92015-07-20
CVE-2015-1922 — Improper Access Control in IBM DB2 | cvebase