Vulnerability Details : CVE-2011-0757
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
Threat overview for CVE-2011-0757
Top countries where our scanners detected CVE-2011-0757
Top open port discovered on systems with this issue
523
IPs affected by CVE-2011-0757 68
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-0757!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-0757
Probability of exploitation activity in the next 30 days: 0.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0757
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2011-0757
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0757
-
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814
IBM IC66814: SECURITY: User continues to have privilege to execute a non-DDL statement after their DBADM authority has been revoked.
-
http://www.securityfocus.com/bid/46064
IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability
-
http://www.ibm.com/support/docview.wss?uid=swg1IC66814
IBM IC66814: SECURITY: User continues to have privilege to execute a non-DDL statement after their DBADM authority has been revoked.
-
http://www.ibm.com/support/docview.wss?uid=swg1IC66815
IBM IC66815: SECURITY: User continues to have privilege to execute a non-DDL statement after their DBADM authority has been revoked.
-
http://www.ibm.com/support/docview.wss?uid=swg21426108
IBM notice: The page you requested cannot be displayed
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295
Repository / Oval Repository
-
http://www.ibm.com/support/docview.wss?uid=swg1IC66811
IBM IC66811: SECURITY: User continues to have privilege to execute a non-DDL statement after their DBADM authority has been revoked.
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65008
IBM DB2 DBADM privilege escalation CVE-2011-0757 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815
IBM IC66815: SECURITY: User continues to have privilege to execute a non-DDL statement after their DBADM authority has been revoked.
-
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811
IBM IC66811: SECURITY: User continues to have privilege to execute a non-DDL statement after their DBADM authority has been revoked.
Products affected by CVE-2011-0757
- cpe:2.3:a:ibm:db2:*:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:*:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:*:fp9:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*