| Vulnerability Name: | CVE-2015-1922 (CCN-102429) | ||||||||
| Assigned: | 2015-07-10 | ||||||||
| Published: | 2015-07-10 | ||||||||
| Updated: | 2018-09-26 | ||||||||
| Summary: | The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N) 2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-284 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-1922 Source: AIXAPAR Type: Patch, Vendor Advisory IT08523 Source: AIXAPAR Type: UNKNOWN IT08524 Source: AIXAPAR Type: Vendor Advisory IT08525 Source: AIXAPAR Type: UNKNOWN IT08526 Source: CONFIRM Type: UNKNOWN http://www-01.ibm.com/support/docview.wss?uid=swg21959650 Source: CCN Type: IBM Security Bulletin 1959650 IBM DB2 LUW contains a bypass security vulnerability in its Data Movement feature (CVE-2015-1922) Source: CCN Type: IBM Security Bulletin 1966964 Infosphere BigInsights is affected by multiple IBM DB2 advisories (CVE-2014-8910, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935). Source: BID Type: UNKNOWN 75911 Source: CCN Type: BID-75911 Multiple IBM DB2 Products CVE-2015-1922 Security Bypass Vulnerablity Source: SECTRACK Type: UNKNOWN 1032879 Source: XF Type: UNKNOWN ibm-db2-cve20151922-sec-bypass(102429) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||