cpe:/a:ibm:db2:9.5 cpe:/a:ibm:db2:9.5:fp1 cpe:/a:ibm:db2:9.5:fp2 cpe:/a:ibm:db2:9.5:fp2a cpe:/a:ibm:db2:9.5:fp3 cpe:/a:ibm:db2:9.5:fp3a cpe:/a:ibm:db2:9.5:fp3b cpe:/a:ibm:db2:9.5:fp4 cpe:/a:ibm:db2:9.5:fp4a cpe:/a:ibm:db2:9.5:fp5 cpe:/a:ibm:db2:9.5:fp6 cpe:/a:ibm:db2:9.5:fp6a cpe:/a:ibm:db2:9.5:fp7 cpe:/a:ibm:db2:9.5:fp8 cpe:/a:ibm:db2:9.7 cpe:/a:ibm:db2:9.7:fp1 cpe:/a:ibm:db2:9.7:fp2 cpe:/a:ibm:db2:9.7:fp3 cpe:/a:ibm:db2:9.7:fp3a cpe:/a:ibm:db2:9.7:fp4 cpe:/a:ibm:db2:9.7:fp5 cpe:/a:ibm:db2:9.8 cpe:/a:ibm:db2:9.8:fp3 cpe:/a:ibm:db2:9.8:fp4 CVE-2012-0709 2012-03-20T16:55:01.147-04:00 2017-09-18T21:34:42.337-04:00 4.0 NETWORK LOW SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov 2012-03-21T10:09:00.000-04:00 IAVM IAVM:2012-B-0030 AIXAPAR IC81387 AIXAPAR IC81390 AIXAPAR IC81836 XF db2-createvariable-security-bypass(73493) CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21588100 IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.