CVE-2009-1905

Description

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

References

Link	Tags
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT	patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/50909	vdb entry
http://www-01.ibm.com/support/docview.wss?uid=swg21318189	patch
http://www.securityfocus.com/bid/36540	vdb entry
http://www.securityfocus.com/bid/35171	vdb entry
http://securitytracker.com/id?1022319	vdb entry
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268	patch vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21293566	patch
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272	patch vendor advisory
http://secunia.com/advisories/31787	third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273	patch vendor advisory
http://secunia.com/advisories/35235	third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21386689	patch

Frequently Asked Questions

What is the severity of CVE-2009-1905?: CVE-2009-1905 has been scored as a low severity vulnerability.
How to fix CVE-2009-1905?: To fix CVE-2009-1905, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2009-1905 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2009-1905 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-287 – Improper Authentication

References

Frequently Asked Questions