VYPR
Unrated severityNVD Advisory· Published Dec 28, 2009· Updated Jun 16, 2026

CVE-2009-4438

CVE-2009-4438

Description

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

Affected products

20
  • IBM/Db220 versions
    cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
    • cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
    • (no CPE)range: >= 9.1 before FP8, >= 9.5 before FP5, >= 9.7 before FP1

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.