CVE Vulnerabilities

CVE-2009-1905

Improper Authentication

Published: Jun 03, 2009 | Modified: Aug 17, 2017
CVSS 3.x: N/A
CVSS 2.x: 2.6 LOW (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Source: NVD

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name  Vendor  Start Version  End Version
Db2   Ibm     8.0            8.0
Db2   Ibm     8.0            8.0
Db2   Ibm     9.1            9.1
Db2   Ibm     *              9.1
Db2   Ibm     9.1            9.1
Db2   Ibm     8.0            8.0
Db2   Ibm     9.1            9.1
Db2   Ibm     8.0            8.0
Db2   Ibm     *              8.0
Db2   Ibm     8.0            8.0
Db2   Ibm     9.1            9.1
Db2   Ibm     *              9.5
Db2   Ibm     9.1            9.1
Db2   Ibm     8.0            8.0
Db2   Ibm     9.5            9.5
Db2   Ibm     8.0            8.0
Db2   Ibm     9.5            9.5
Db2   Ibm     8.0            8.0
