CVE-2009-3473

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21403619
http://secunia.com/advisories/36890	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883
http://www.securityfocus.com/bid/36540
http://osvdb.org/58479

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2:9.1:fp1::::::
	cpe:2.3:a:ibm:db2:9.1:fp2::::::
	cpe:2.3:a:ibm:db2:9.1:fp7::::::
	cpe:2.3:a:ibm:db2:9.1:fp3::::::
	cpe:2.3:a:ibm:db2:9.1:fp4::::::
	cpe:2.3:a:ibm:db2:9.1:fp5::::::
	cpe:2.3:a:ibm:db2:9.1:fp6::::::

Information

Published : 2009-09-29 14:30

Updated : 2013-09-10 22:59

NVD link : CVE-2009-3473

Mitre link : CVE-2009-3473

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

ibm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/36890", "name": "36890", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55883", "name": "IZ55883", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.securityfocus.com/bid/36540", "name": "36540", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/58479", "name": "58479", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-3473", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-09-29T21:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-09-11T05:59Z"}

10.0 /10