The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
Max CVSS
7.5
EPSS Score
0.53%
Published
2009-12-16
Updated
2010-06-29
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
Max CVSS
4.3
EPSS Score
0.21%
Published
2009-12-16
Updated
2010-06-29
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
Max CVSS
5.0
EPSS Score
0.16%
Published
2009-04-03
Updated
2017-08-17
3 vulnerabilities found