CVE-2009-4326

IBM DB2 <9.5 FP5, <9.7 FP1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.

References (9)

Core 9
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3520
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37332
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37759

Scores

EPSS 0.0179
EPSS Percentile 75.8%

Details

CWE
CWE-200
Status published
Products (2)
ibm/db2 9.5 (7 CPE variants)
ibm/db2 9.7
Published Dec 16, 2009
Tracked Since Feb 18, 2026