The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Db2 | Ibm | 9.1-fp1 (including) | 9.1-fp1 (including) |
| Db2 | Ibm | 9.1-fp2 (including) | 9.1-fp2 (including) |
| Db2 | Ibm | 9.1-fp3 (including) | 9.1-fp3 (including) |
| Db2 | Ibm | 9.1-fp3a (including) | 9.1-fp3a (including) |
| Db2 | Ibm | 9.1-fp4 (including) | 9.1-fp4 (including) |
| Db2 | Ibm | 9.1-fp4a (including) | 9.1-fp4a (including) |
| Db2 | Ibm | 9.1-fp5 (including) | 9.1-fp5 (including) |
| Db2 | Ibm | 9.1-fp6 (including) | 9.1-fp6 (including) |
| Db2 | Ibm | 9.1-fp6a (including) | 9.1-fp6a (including) |
| Db2 | Ibm | 9.1-fp7 (including) | 9.1-fp7 (including) |
| Db2 | Ibm | 9.5-fp1 (including) | 9.5-fp1 (including) |
| Db2 | Ibm | 9.5-fp2 (including) | 9.5-fp2 (including) |
| Db2 | Ibm | 9.5-fp2a (including) | 9.5-fp2a (including) |
| Db2 | Ibm | 9.5-fp3 (including) | 9.5-fp3 (including) |
| Db2 | Ibm | 9.5-fp3a (including) | 9.5-fp3a (including) |
| Db2 | Ibm | 9.5-fp3b (including) | 9.5-fp3b (including) |
| Db2 | Ibm | 9.5-fp4 (including) | 9.5-fp4 (including) |
| Db2 | Ibm | 9.5-fp4a (including) | 9.5-fp4a (including) |
| Db2 | Ibm | 9.7 (including) | 9.7 (including) |