← Back

CVE-2010-3738

nvd nist
Published: Oct 5, 2010Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.

Affected (10)

Products: Ibm: Db2
Ibm
1 product
Db2
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Db2
Version 9.5
Db2
Version 9.5 fp1
Db2
Version 9.5 fp2
Db2
Version 9.5 fp2a
Db2
Version 9.5 fp3
Db2
Version 9.5 fp3a
Db2
Version 9.5 fp3b
Db2
Version 9.5 fp4
Db2
Version 9.5 fp4a
Db2
Version 9.5 fp5

Related CWEs

CWE-264
CWE-264

References (6)

ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT (unsafe URL)
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.