Vulnerability Details : CVE-2011-1846
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
Products affected by CVE-2011-1846
- cpe:2.3:a:ibm:db2:*:fp6a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:*:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*
Threat overview for CVE-2011-1846
- Top open port discovered on systems with this issue: 523
- IPs affected by CVE-2011-1846: 68
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-1846
- EPSS score: 0.34% (probability of exploitation activity in the next 30 days)
- Percentile: ~68% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-1846
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
CWE ids for CVE-2011-1846
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1846
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688
  Repository / Oval Repository
- http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71375
  IBM IC71375: SECURITY: User continues to have privilege to execute a non-DDL statement after role membership has been revoked from its group
- http://www.securityfocus.com/bid/47525
  IBM DB2 Multiple Security Bypass Vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66980
  IBM DB2 data service security bypass CVE-2011-1846 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375
  IBM IC71375: SECURITY: User continues to have privilege to execute a non-DDL statement after role membership has been revoked from its group
- http://www.vupen.com/english/advisories/2011/1083
  Webmail | OVH- OVH (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263
  IBM IC71263: SECURITY: User continues to have privilege to execute a non-DDL statement after role membership has been revoked from its group
- http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71263
  IBM IC71263: SECURITY: User continues to have privilege to execute a non-DDL statement after role membership has been revoked from its group