Vulnerability Details : CVE-2011-1847
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
Threat overview for CVE-2011-1847
Top countries where our scanners detected CVE-2011-1847
Top open port discovered on systems with this issue
523
IPs affected by CVE-2011-1847 68
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-1847!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-1847
Probability of exploitation activity in the next 30 days: 0.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1847
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:N/AC:M/Au:S/C:N/I:P/A:P |
6.8
|
4.9
|
NIST |
CWE ids for CVE-2011-1847
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1847
-
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119
IBM IC72119: Users able to update statistics for tables without appropriate privileges
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413
IBM IC71413: Users able to update statistics for tables without appropriate privileges
-
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413
IBM IC71413: Users able to update statistics for tables without appropriate privileges
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66979
IBM DB2 Relational Data Services security bypass CVE-2011-1847 Vulnerability Report
-
http://www.securityfocus.com/bid/47525
IBM DB2 Multiple Security Bypass Vulnerabilities
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119
IBM IC72119: Users able to update statistics for tables without appropriate privileges
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122
Repository / Oval Repository
-
http://www.vupen.com/english/advisories/2011/1083
Webmail | OVH- OVHVendor Advisory
Products affected by CVE-2011-1847
- cpe:2.3:a:ibm:db2:*:fp6a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:*:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*