CVE-2009-4333
IBM DB2 9.5 - Exposure of Sensitive Information via GET SNAPSHOT FOR DYNAMIC SQL Command
Title source: llmDescription
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
References (7)
Core 7
Core References
Various Sources x_refsource_confirm
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
Patch x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3520
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37332
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37759
Scores
EPSS
0.0133
EPSS Percentile
67.7%
Details
CWE
CWE-200
Status
published
Products (1)
ibm/db2
9.5 (7 CPE variants)
Published
Dec 16, 2009
Tracked Since
Feb 18, 2026