The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Db2 | Ibm | * | 8.0 (including) |
| Db2 | Ibm | * | 9.1 (including) |
| Db2 | Ibm | * | 9.5 (including) |
| Db2 | Ibm | 8.0-fix_pack15 (including) | 8.0-fix_pack15 (including) |
| Db2 | Ibm | 8.0-fp1 (including) | 8.0-fp1 (including) |
| Db2 | Ibm | 8.0-fp10 (including) | 8.0-fp10 (including) |
| Db2 | Ibm | 8.0-fp11 (including) | 8.0-fp11 (including) |
| Db2 | Ibm | 8.0-fp12 (including) | 8.0-fp12 (including) |
| Db2 | Ibm | 8.0-fp13 (including) | 8.0-fp13 (including) |
| Db2 | Ibm | 8.0-fp14 (including) | 8.0-fp14 (including) |
| Db2 | Ibm | 8.0-fp15 (including) | 8.0-fp15 (including) |
| Db2 | Ibm | 9.1-fp1 (including) | 9.1-fp1 (including) |
| Db2 | Ibm | 9.1-fp2 (including) | 9.1-fp2 (including) |
| Db2 | Ibm | 9.1-fp3 (including) | 9.1-fp3 (including) |
| Db2 | Ibm | 9.1-fp3a (including) | 9.1-fp3a (including) |
| Db2 | Ibm | 9.1-fp4a (including) | 9.1-fp4a (including) |
| Db2 | Ibm | 9.5-fp2 (including) | 9.5-fp2 (including) |
| Db2 | Ibm | 9.5-fp3 (including) | 9.5-fp3 (including) |