CVE-2015-1922

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526
http://www-01.ibm.com/support/docview.wss?uid=swg21959650
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525	Vendor Advisory
http://www.securitytracker.com/id/1032879
http://www.securityfocus.com/bid/75911

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2:9.7::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.8::::workgroup:::
	cpe:2.3:a:ibm:db2:10.1::::workgroup:::
	cpe:2.3:a:ibm:db2:10.5::::enterprise:::
	cpe:2.3:a:ibm:db2:10.5::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7::::workgroup:::
	cpe:2.3:a:ibm:db2:9.8::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.8::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:10.1::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:10.1::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:10.1::::enterprise:::
	cpe:2.3:a:ibm:db2:10.5::::workgroup:::
	cpe:2.3:a:ibm:db2:10.5::::express:::
	cpe:2.3:a:ibm:db2:9.7::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7::::express:::
	cpe:2.3:a:ibm:db2:9.8::::express:::
	cpe:2.3:a:ibm:db2:9.8::::enterprise:::
	cpe:2.3:a:ibm:db2:10.1::::express:::
	cpe:2.3:a:ibm:db2:10.5::::advanced_enterprise:::

Information

Published : 2015-07-19 18:59

Updated : 2018-09-26 03:29

NVD link : CVE-2015-1922

Mitre link : CVE-2015-1922

JSON object : View

CWE

CWE-284

Improper Access Control

Advertisement

Products Affected

ibm

db2

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08526", "name": "IT08526", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959650", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959650", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08523", "name": "IT08523", "tags": ["Patch", "Vendor Advisory"], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08524", "name": "IT08524", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08525", "name": "IT08525", "tags": ["Vendor Advisory"], "refsource": "AIXAPAR"}, {"url": "http://www.securitytracker.com/id/1032879", "name": "1032879", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/75911", "name": "75911", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-284"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-1922", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2015-07-20T01:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-09-26T10:29Z"}