Instance-Level Audit Misconfiguration in IBM DB2 UDB Product
CVE-2010-3739

Currently unrated

Key Information:

Vendor: IBM
Status: Db2 Universal Database
Vendor: CVE Published:; 5 October 2010

Summary

The security feature of IBM DB2 UDB prior to FP6a has an issue where the audit facility uses instance-level settings instead of the intended database-level settings. This misconfiguration allows potential attackers to connect to the database without being properly discovered, increasing the risk of unauthorized access. Users are advised to review their audit configurations and apply the necessary patches to safeguard their database environments.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218

vendor-advisoryx_refsource_AIXAPAR

ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 5, 2010