CVE-2012-0709

IBM DB2 <9.5 FP9, 9.7 FP5, 9.8 FP4 - Privilege Escalation

Title source: llm
STIX 2.1

Description

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.

References (6)

Core 6
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21588100
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73493
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004

Scores

EPSS 0.0183
EPSS Percentile 76.4%

Details

CWE
CWE-20
Status published
Products (3)
ibm/db2 9.5 (14 CPE variants)
ibm/db2 9.7 (7 CPE variants)
ibm/db2 9.8 (3 CPE variants)
Published Mar 20, 2012
Tracked Since Feb 18, 2026