Privilege Escalation in IBM DB2 and DB2 Connect Products
CVE-2013-4033

Currently unrated

Key Information:

Vendor: IBM
Status: Db2 Connect; Db2
Vendor: CVE Published:; 28 August 2013

Summary

Certain versions of IBM DB2 and DB2 Connect are susceptible to a privilege escalation vulnerability that enables remote authenticated users to execute Data Manipulation Language (DML) statements. This occurs through an oversight linked to EXPLAIN authority, potentially granting escalation of privileges that can compromise database integrity and security. Organizations utilizing affected versions should review their configurations and apply necessary updates or mitigations to secure their systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/86093

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21646809

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IC94523

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Aug 28, 2013
Vulnerability Reserved
Jun 7, 2013