<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1846" target="_blank">CVE</a>)</em> : IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• OVAL ID: 14688
• CVE ID: 2011-1846 (see also: NVD)
• Secunia Advisory ID: 44229
• Bugtraq ID: 47525
• ISS X-Force ID: 66980
• Related OSVDB ID: 72698
• VUPEN Advisory: ADV-2011-1083
• Vendor Specific News/Changelog Entry: http://www-01.ibm.com/support/docview.wss?uid=swg21450666
  http://www.ibm.com/support/docview.wss?uid=swg1IC71263
  http://www.ibm.com/support/docview.wss?uid=swg1IC71375

• Not Available