Lucene search

MitreCVE-2004-0795

HistoryOct 20, 2004 - 4:00 a.m.

CVE-2004-0795

2004-10-2004:00:00

mitre

web.nvd.nist.gov

db2

remote command

server

privilege escalation

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.019

Percentile

88.8%

JSON

DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.

Affected configurations

Nvd

Node

ibmdb2_universal_databaseMatch8.1aix

VendorProductVersionCPE
ibmdb2_universal_database8.1cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2_universal_database	8.1	cpe:2.3:a:ibm:db2_universal_database:8.1::aix:::::

References

marc.info/?l=bugtraq&m=107885081414173&w=2

www-1.ibm.com/support/docview.wss?uid=swg1IY53894

www.nextgenss.com/advisories/db2rmtcmd.txt

www.securityfocus.com/bid/9821

exchange.xforce.ibmcloud.com/vulnerabilities/15420

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.019

Percentile

88.8%

JSON

Related for CVE-2004-0795