Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.901156
Categoría:Databases
Título:IBM Db2 Multiple Security Bypass Vulnerabilities
Resumen:IBM Db2 is prone to multiple security bypass vulnerabilities.
Descripción:Summary:
IBM Db2 is prone to multiple security bypass vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An error in the application while revoking privileges on a database object
from the 'PUBLIC' group, which does not mark the dependent functions as 'INVALID'.

- An error in the application while compiling a compound SQL statement with
an 'update' statement can be exploited by an unprivileged user to execute
the query from the dynamic SQL cache.

Vulnerability Impact:
Successful exploitation will allow attackers to bypass security restrictions.

Affected Software/OS:
IBM Db2 versions prior to 9.7 Fix Pack 3.

Solution:
Upgrade to IBM Db2 version 9.7 Fix Pack 3 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: BugTraq ID: 43291
Common Vulnerability Exposure (CVE) ID: CVE-2010-3474
AIX APAR: IC68015
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015
http://www.securityfocus.com/bid/43291
http://osvdb.org/68121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669
http://www.securitytracker.com/id?1024457
http://secunia.com/advisories/41444
http://www.vupen.com/english/advisories/2010/2425
XForce ISS Database: ibm-db2-public-security-bypass(61872)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61872
Common Vulnerability Exposure (CVE) ID: CVE-2010-3475
AIX APAR: IC70406
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406
http://osvdb.org/68122
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609
http://www.securitytracker.com/id?1024458
XForce ISS Database: ibm-db2-sql-security-bypass(61873)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61873
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.