The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Db2 | Ibm | 8.0 | 8.0 |
Db2 | Ibm | 8.0 | 8.0 |
Db2 | Ibm | 9.1 | 9.1 |
Db2 | Ibm | * | 9.1 |
Db2 | Ibm | 9.1 | 9.1 |
Db2 | Ibm | 8.0 | 8.0 |
Db2 | Ibm | 9.1 | 9.1 |
Db2 | Ibm | 8.0 | 8.0 |
Db2 | Ibm | * | 8.0 |
Db2 | Ibm | 8.0 | 8.0 |
Db2 | Ibm | 9.1 | 9.1 |
Db2 | Ibm | * | 9.5 |
Db2 | Ibm | 9.1 | 9.1 |
Db2 | Ibm | 8.0 | 8.0 |
Db2 | Ibm | 9.5 | 9.5 |
Db2 | Ibm | 8.0 | 8.0 |
Db2 | Ibm | 9.5 | 9.5 |
Db2 | Ibm | 8.0 | 8.0 |