The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.
Software | From | Fixed in |
---|---|---|
ibm / db2_universal_database | - | 9.5.x |
ibm / db2_universal_database | 9.5 | 9.5.x |
ibm / db2_universal_database | 9.5-fp1 | 9.5-fp1.x |
ibm / db2_universal_database | 9.5-fp2 | 9.5-fp2.x |
ibm / db2_universal_database | 9.5-fp2a | 9.5-fp2a.x |
ibm / db2_universal_database | 9.5-fp3 | 9.5-fp3.x |
ibm / db2_universal_database | 9.5-fp3a | 9.5-fp3a.x |
ibm / db2_universal_database | 9.5-fp3b | 9.5-fp3b.x |
ibm / db2_universal_database | 9.5-fp4 | 9.5-fp4.x |
ibm / db2_universal_database | 9.5-fp4a | 9.5-fp4a.x |
ibm / db2_universal_database | 9.5-fp5 | 9.5-fp5.x |