CVE-2010-3739

IBM Db2 Universal Database < 9.5 - Authentication Bypass

Title source: rule

Description

The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.

References (2)

[Various Sources] ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

[Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218

Scores

EPSS 0.0025

EPSS Percentile 47.6%

Classification

CWE

CWE-287

Status draft

Affected Products (11)

ibm/db2_universal_database < 9.5

ibm/db2_universal_database

Timeline

Published Oct 05, 2010

Tracked Since Feb 18, 2026