CVE-2007-1089

IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=swg1JR25941	Patch
http://secunia.com/advisories/24283	Patch
http://www.attrition.org/pipermail/vim/2007-August/001765.html
http://www.vupen.com/english/advisories/2007/0721

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:linux:linux_kernel:2.6.18.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.1:::::::*
	cpe:2.3:o:microsoft:windows_xp::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19:::::::*

OR	cpe:2.3:a:ibm:db2_universal_database:::aix:::::*
	cpe:2.3:a:ibm:db2_universal_database:9.1:ga::::::

Information

Published : 2007-02-23 14:28

Updated : 2018-10-30 09:25

NVD link : CVE-2007-1089

Mitre link : CVE-2007-1089

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

windows_xp

ibm

db2_universal_database

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR25941", "name": "JR25941", "tags": ["Patch"], "refsource": "AIXAPAR"}, {"url": "http://secunia.com/advisories/24283", "name": "24283", "tags": ["Patch"], "refsource": "SECUNIA"}, {"url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html", "name": "20070818 Recent DB2 Vulnerabilities", "tags": [], "refsource": "VIM"}, {"url": "http://www.vupen.com/english/advisories/2007/0721", "name": "ADV-2007-0721", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1089", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-02-23T22:28Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.19.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2_universal_database:*:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.1"}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_universal_database:9.1:ga:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}

7.2 /10