The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Db2_universal_database | Ibm | * | 9.5 (including) |
| Db2_universal_database | Ibm | 9.5 (including) | 9.5 (including) |
| Db2_universal_database | Ibm | 9.5-fp1 (including) | 9.5-fp1 (including) |
| Db2_universal_database | Ibm | 9.5-fp2 (including) | 9.5-fp2 (including) |
| Db2_universal_database | Ibm | 9.5-fp2a (including) | 9.5-fp2a (including) |
| Db2_universal_database | Ibm | 9.5-fp3 (including) | 9.5-fp3 (including) |
| Db2_universal_database | Ibm | 9.5-fp3a (including) | 9.5-fp3a (including) |
| Db2_universal_database | Ibm | 9.5-fp3b (including) | 9.5-fp3b (including) |
| Db2_universal_database | Ibm | 9.5-fp4 (including) | 9.5-fp4 (including) |
| Db2_universal_database | Ibm | 9.5-fp4a (including) | 9.5-fp4a (including) |
| Db2_universal_database | Ibm | 9.5-fp5 (including) | 9.5-fp5 (including) |