Back to search
CVE-2012-0709
Published: Mar 20, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
IC81387
vendor-advisory
x_refsource_AIXAPAR
IC81390
vendor-advisory
x_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21588100
x_refsource_CONFIRM
IC81836
vendor-advisory
x_refsource_AIXAPAR
db2-createvariable-security-bypass(73493)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:15004
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now