USERS AFFECTED:
All DB2 UDB systems on all Linux, Unix, and Windows platforms at service levels from Version 9.1 GA through 9.1 FP1 are vulnerable. Users are encouraged to update to 9.1 FP2.
It is possible to bypass DB2 authorization checking. This vulnerability can enable a user who holds SELECT privilege on a table to update or delete the contents of the table, even if they do not hold the required update and/or delete privileges.
APAR information
APAR number : JR25941
Reported component name : DB2 UDB WSE WIN
Reported component ID : 5765F3501
Reported release : 910
Status : CLOSED
PER PE : NoPE
HIPER : YesHIPER
Special Attention : NoSpecatt
Submitted date : 2007-02-12
Closed date : 2007-02-22
Last modified date : 2007-02-22
http://www-1.ibm.com/support/docview.wss?uid=swg1JR25941
You must be logged in to post a comment.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jan | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | |||
24 queries. 0.519 seconds
