CVE-2010-3739 - OpenCVE

The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Db2 Universal Database

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2_universal_database::fp6::::::*
	cpe:2.3:a:ibm:db2_universal_database:9.5:::::::*
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp1::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp2::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp2a::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp3::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp3a::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp3b::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp4::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp4a::::::
	cpe:2.3:a:ibm:db2_universal_database:9.5:fp5::::::

References

Link	Resource
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:20:56

Updated: 2022-10-03T16:20:56

Reserved: 2022-10-03T00:00:00

Link: CVE-2010-3739

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-10-05T18:00:33.487

Modified: 2010-10-06T04:00:00.000

Link: CVE-2010-3739

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:20:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "JR34218", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3739", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JR34218", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218"}, {"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "refsource": "CONFIRM", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3739", "datePublished": "2022-10-03T16:20:56", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:20:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_universal_database:*:fp6:*:*:*:*:*:*", "matchCriteriaId": "1981C2E5-E186-48A7-B977-7FB8A7DBB6EE", "versionEndIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "F01421A6-B4B4-4F86-87D3-B11AEC1258CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "5B561679-68AF-4586-919A-83D47195F9FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp2:*:*:*:*:*:*", "matchCriteriaId": "D66FF5FC-E01A-4DE9-B344-FA20941C806B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp2a:*:*:*:*:*:*", "matchCriteriaId": "430BE300-8260-4966-A282-B69C67B6511C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "83FB7558-610A-4218-A347-74E1BF4509CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp3a:*:*:*:*:*:*", "matchCriteriaId": "DCA815B1-EF9D-4F43-A51E-2E808FE124C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp3b:*:*:*:*:*:*", "matchCriteriaId": "F4EB46DD-C3DF-4509-9B2E-AFEF7F3EA0D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp4:*:*:*:*:*:*", "matchCriteriaId": "ECF24F65-D158-4627-8E0C-C700CCF803D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp4a:*:*:*:*:*:*", "matchCriteriaId": "0445F99B-1AC4-43CE-85EF-7F0BC1AA093D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.5:fp5:*:*:*:*:*:*", "matchCriteriaId": "61533220-2A4F-4BEE-A6BA-27AF0CB2998E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery."}, {"lang": "es", "value": "La caracter\u00edstica de auditor\u00eda en el componente de seguridad de IBM DB2 UDB v9.5 antes de FP6a utiliza la configuraci\u00f3n de auditor\u00eda a nivel de instancia para capturar los eventos de conexi\u00f3n (tambi\u00e9n conocidos como CONNECT y AUTHENTICATION) en determinadas circunstancias, lo que podr\u00eda hacer m\u00e1s f\u00e1cil a atacantes remotos a la hora de conectarse sin ser descubiertos."}], "id": "CVE-2010-3739", "lastModified": "2010-10-06T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-05T18:00:33.487", "references": [{"source": "cve@mitre.org", "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}