Vulnerability Database

315,294

Total vulnerabilities in the database

CVE-2009-3473

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.

  • Published: Sep 29, 2009
  • Updated: Nov 9, 2025
  • CVE: CVE-2009-3473
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Software From Fixed in
ibm / db2 9.1-fp4 9.1-fp4.x
ibm / db2 9.1-fp1 9.1-fp1.x
ibm / db2 9.1-fp5 9.1-fp5.x
ibm / db2 9.1-fp3 9.1-fp3.x
ibm / db2 9.1-fp6 9.1-fp6.x
ibm / db2 9.1-fp2 9.1-fp2.x
ibm / db2 9.1-fp7 9.1-fp7.x