CVE-2010-3739
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
05/10/2010
Last modified:
11/04/2025
Description
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:db2_universal_database:*:fp6:*:*:*:*:*:* | 9.5 (including) | |
| cpe:2.3:a:ibm:db2_universal_database:9.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp2:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp2a:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp3:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp3a:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp3b:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp4:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp4a:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2_universal_database:9.5:fp5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page