Improper Audit Configuration in IBM DB2 UDB 9.5 Allows Remote Connection without Discovery

Improper Audit Configuration in IBM DB2 UDB 9.5 Allows Remote Connection without Discovery

CVE-2010-3739 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.

Learn more about our Cis Benchmark Audit For Ibm Db2.