Vulnerability Details : CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

Published 2009-12-28 19:30:00

Updated 2010-06-29 04:00:00

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-4438

Probability of exploitation activity in the next 30 days: 0.34%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-4438

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-4438

CWE-264

Assigned by: [email protected] (Primary)

References for CVE-2009-4438

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852

Vendor Advisory
http://www.vupen.com/english/advisories/2009/3520

Patch;Vendor Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21412902

Vendor Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543

Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21293566

Patch

CVEs referencing this url
http://www.securityfocus.com/bid/37332

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583

Vendor Advisory

Products affected by CVE-2009-4438

IBM » DB2 » Version: 9.1 Update FP1
cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update FP2
cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update FP3
cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update Fp3a
cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update FP4
cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update Fp4a
cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.5 Update FP1
cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update FP5
cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update FP6
cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.5 Update FP2
cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.5 Update FP3
cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update Fp6a
cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.1 Update FP7
cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.5 Update Fp2a
cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.7
cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.5 Update Fp3a
cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.5 Update Fp3b
cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.5 Update FP4
cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
Matching versions
IBM » DB2 » Version: 9.5 Update Fp4a
cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
Matching versions