IBM DB2 DML Statement Execution Remote Privilege Escalation Vulnerability Network Vulnerability

Summary

This host is running IBM DB2 and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will allow attacker to gain escalated privileges and bypass certain security restrictions. Impact Level: Application

Solution

Apply the appropriate fix from below link, http://www-01.ibm.com/support/docview.wss?uid=swg21646809

Insight

The flaw is due to the program failing to limit users from the EXPLAIN authority, which will allow a remote attacker to potentially execute the SELECT, INSERT, UPDATE or DELETE DML statements with elevated privileges.

Affected

IBM DB2 versions 9.7 through FP8, 10.1 through FP2, and 10.5 through FP1

Detection

Get the installed version of IBM DB2 with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/54644
http://www-01.ibm.com/support/docview.wss?uid=swg21646809
http://www.osvdb.org/96654
http://xforce.iss.net/xforce/xfdb/86093

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4033
CVSS Base Score: 4.6
AV:N/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

MySQL Unspecified vulnerabilities-03 July-2013 (Windows)
IBM DB2 Client Interfaces component Unspecified Vulnerabilities (Win)
IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Linux)
MongoDB BSON Object Information Disclosure Vulnerability
Oracle MySQL Server Multiple Vulnerabilities-04 Nov12 (Windows)

Take action and discover your vulnerabilities