- Threat ID
- Threat Date
- Threat Name
- Require explicit authorization for cataloging
- CVE Reference
- CCE Reference
- Database Type
- IBM DB2
- All versions of IBM DB2 Databases
- DB2 can be configured to allow users that do not possess the SYSADM authority to catalog and uncatalog databases and nodes.
- Cataloging a database is the process of registering a database from a remote client to allow remote call and access. This procedure should only be restricted to user with a valid DB2 account and must have the SYSADM or SYSCTRL authority. Setting the catalog-noauth parameter to YES bypasses all permission checks and allow anyone to catalog and uncatalog databases.
It is recommended that the SYSADM authority be required to catalog and uncatalog databases and nodes, set the catalog_noauth parameter to NO.
The default value (NO or 0) for CATALOG_NOAUTH parameter indicates that SYSADM authority is required. When this parameter is set to YES or 1, SYSADM authority is not required.
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.