Page 2 of 43 results (0.019 seconds)

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210. IBM Db2U 3.5, 4.0 y 4.5 es vulnerable a Cross-Site Request Forgery (CSRF), lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 237210. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237210 https://www.ibm.com/support/pages/node/6843071 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 1.5EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. Vulnerabilidad no especificada en IBM DB2 v9.7 antes de FP5 en UNIX, cuando las características Self Tuning Memory Manager (STMM) y AUTOMATIC DATABASE_MEMORY están configuradas, permite a usuarios locales provocar una denegación de servicio (caída del demonio) a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473 https://exchange.xforce.ibmcloud.com/vulnerabilities/71043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720 •

CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information. IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no fuerzan correctamente los requisitos de privilegios para acceder a la tabla, permitiendo a usuarios remotos autenticados modificar las columnas de estadísticas SYSSTAT.TABLES a través de una instrucción UPDATE. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://secunia.com/advisories/44229 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119 http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413 http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119 http://www.securityfocus.com/bid/47525 http://www.vupen.com/english/advisories/2011/1083 https://exchange.xforce.ibmcloud.com/vulnerabilities/66979 https://oval.cisecurity.org/repository/search/def • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information. IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no revoca correctamente la pertenencia a grupos, lo que permite a usuarios remotos autenticados ejecutar instrucciones non-DDL aprovechándose de la posesión heredada del rol anterior, una vulnerabilidad diferente de CVE-2011-0757. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://secunia.com/advisories/44229 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71263 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71375 http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263 http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375 http://www.securityfocus.com/bid/47525 http://www.vupen.com/english/advisories/2011/1083 https://exchange.xforce.ibmcloud.com/vulnerabilities/66980 https://oval.cisecurity.org/repository/search/def • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP6a, y v9.7 anterior a FP2 en Linux, UNIX y Windows no revoca correctamente la autorización DBADM, que permite a usuarios autenticados remotamente ejecutar instrucciones no-DDL aprovechandose de la posesión anterior de esta autoridad. • http://osvdb.org/70773 http://secunia.com/advisories/43148 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815 http://www.ibm.com/support/docview.wss?uid=swg1IC66811 http://www.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •