CVE-2011-1846 — MEDIUM (6.5)

Q: How severe is CVE-2011-1846?

CVE-2011-1846 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1846?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.

Vulnerability Description

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Ibm	Db2	<= 9.5

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2011-1846?

CVE-2011-1846 is a vulnerability with a CVSS score of 6.5 (MEDIUM). IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by lev...

How severe is CVE-2011-1846?

CVE-2011-1846 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1846?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.