IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
IBM
Authentication Bypass
Db2
Db2 Connect
NVD
CVSS 3.0
3.7
EPSS
0.2%