NVD

Id
14855  
Name
CVE-2010-3475  
Description
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2010-09-20  
Modified Date
2012-01-26  
Seq
2010-3475  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
82332 14855 CVE-2010-3475 oval:org.mitre.oval:def:14609  View
82333 14855 CVE-2010-3475 IC70406  View
82334 14855 CVE-2010-3475 http://www.ibm.com/support/docview.wss?uid=swg21446455  View
82335 14855 CVE-2010-3475 43291  View
82336 14855 CVE-2010-3475 1024458  View
82337 14855 CVE-2010-3475 ADV-2010-2425  View
82338 14855 CVE-2010-3475 ibm-db2-sql-security-bypass(61873)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
36334 JVNDB-2010-002114 IBM DB2 におけるアクセス制限を回避される脆弱性 IBM DB2 は、動的 SQL キャッシュへのエントリ実行に対する権限の要求を適切に実行しないため、アクセス制限を回避される脆弱性が存在します。 CVE-2010-3475 46055 CVE-2010-3475 14855 4 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002114.html 2010-08-05 2010-11-08 View