CVE-2009-4333

IBM DB2 9.5 - Exposure of Sensitive Information via GET SNAPSHOT FOR DYNAMIC SQL Command

Title source: llm
STIX 2.1

Description

The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.

References (7)

Core 7
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3520
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37332
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37759

Scores

EPSS 0.0133
EPSS Percentile 67.7%

Details

CWE
CWE-200
Status published
Products (1)
ibm/db2 9.5 (7 CPE variants)
Published Dec 16, 2009
Tracked Since Feb 18, 2026