Authorization Bypass in IBM DB2 UDB 8 by IBM
CVE-2007-4418

Currently unrated

Key Information:

Vendor: IBM
Status: Db2 Universal Database
Vendor: CVE Published:; 18 August 2007

Summary

IBM DB2 UDB 8 versions prior to Fixpak 15 exhibit a significant security flaw where the authorization checks are not appropriately enforced. This vulnerability permits remote authenticated users, equipped with specific SELECT privileges, to potentially exert unknown effects through various unspecified methods. The implications could include unauthorized access to sensitive data or other impactful actions within the database environment. It is important to note that this issue might have connections to another reported vulnerability, though details remain scarce.

References

http://www-1.ibm.com/support/docview.wss?uid=swg1JR25940

vendor-advisoryx_refsource_AIXAPAR

http://www.attrition.org/pipermail/vim/2007-August/001765...

mailing-listx_refsource_VIM

http://www.vupen.com/english/advisories/2007/2912

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Aug 18, 2007
Vulnerability Reserved
Aug 18, 2007