N/A

The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.

N/A

N/A

IBM DB2 UDB Security组件权限许可和访问控制漏洞

IBM DB2 UDB FP6a之前的9.5版本中的Security组件通过使用对应于实例所有者而不是对应于登录用户账户的USERID和AUTHID值记录审核事件，这更容易使得远程认证用户在不被发现的情况下执行审计管理命令。

N/A

N/A