CVE-2010-3475
https://notcve.org/view.php?id=CVE-2010-3475
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. IBM DB2 v9.7 anteriores a FP3 no aplican correctamente los requisitos de privilegio para la ejecución de las entradas en la caché dinámica SQL, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso destinados al aprovechar la caché para ejecutar una instrucción UPDATE contenida en una sentencia compilada de SQL. • http://osvdb.org/68122 http://secunia.com/advisories/41444 http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406 http://www.ibm.com/support/docview.wss?uid=swg21446455 http://www.securityfocus.com/bid/43291 http://www.securitytracker.com/id?1024458 http://www.vupen.com/english/advisories/2010/2425 https://exchange.xforce.ibmcloud.com/vulnerabilities/61873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-3194
https://notcve.org/view.php?id=CVE-2010-3194
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. El programa DB2DART en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 permite a atacantes evitar las restricciones de los ficheros de acceso previstas a través de vectores sin especificar relacionados con con la sobreescritura de ficheros propietarios por una instancia propietaria. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/41218 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-3193
https://notcve.org/view.php?id=CVE-2010-3193
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. Vulnerabilidad sin especificar en el programa DB2STST en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 tienen un impacto y vactores de ataque desconocidos. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/41218 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss? •
CVE-2010-3197
https://notcve.org/view.php?id=CVE-2010-3197
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM DB2 v9.7 anterior a FP2 no realiza correctamente el control de acceso en el monitor de vistas administrativas en el esquema SYSIBMADM, lo que permite a atacantes remotos obtener información sensible a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819 http://www-01.ibm.com/support/docview.wss?uid=swg21432298 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-3195
https://notcve.org/view.php?id=CVE-2010-3195
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." Vulnerabilidad sin especificar en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 en Windows Server 2008 permite a atacantes remotos provocar una denegación de servicio (trampa) a través de vectores involucrados "Grupo especial y enumeración de usuarios" ("special group and user enumeration"). • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/41218 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss? •