CVE-2009-1905

CVSS V2 Low 2.6 CVSS V3 None
Description
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
Overview
  • CVE ID
  • CVE-2009-1905
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-06-03T21:00:00
  • Last Modified Date
  • 2017-08-17T01:30:34
Weakness Enumerations
CWE URL
CWE-287 http://cwe.mitre.org/data/definitions/287.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ibm:db2:*:fp16:*:*:*:*:*:* 1 OR 8.0
cpe:2.3:a:ibm:db2:*:fp4:*:*:*:*:*:* 1 OR 9.1
cpe:2.3:a:ibm:db2:*:fp1:*:*:*:*:*:* 1 OR 9.5
cpe:2.3:a:ibm:db2:8.0:fix_pack15:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:* 0 OR
cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 2.6
  • Severity
  • LOW
  • Exploitability Score
  • 4.9
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/35171
http://secunia.com/advisories/31787 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272 Patch Vendor Advisory
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21386689 Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21318189 Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21293566 Patch
http://securitytracker.com/id?1022319
http://secunia.com/advisories/35235 Vendor Advisory
http://www.securityfocus.com/bid/36540
https://exchange.xforce.ibmcloud.com/vulnerabilities/50909
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-1905
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1905
History
Created Old Value New Value Data Type Notes
2022-05-10 09:01:01 Added to TrackCVE