Lucene search

IbmCVE-2019-4057

HistoryJul 01, 2019 - 3:15 p.m.

CVE-2019-4057

2019-07-0115:15:11

ibm

web.nvd.nist.gov

ibm

db2

linux

unix

windows

cve-2019-4057

security

vulnerability

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

12.6%

JSON

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.

Affected configurations

Nvd

Vulners

Node

ibmdb2Match9.7.0.0

ibmdb2Match9.7.0.1

ibmdb2Match9.7.0.2

ibmdb2Match9.7.0.3

ibmdb2Match9.7.0.4

ibmdb2Match9.7.0.5

ibmdb2Match9.7.0.6

ibmdb2Match9.7.0.7

ibmdb2Match9.7.0.8

ibmdb2Match9.7.0.9

ibmdb2Match9.7.0.10

ibmdb2Match9.7.0.11

ibmdb2Match10.1.0.0

ibmdb2Match10.1.0.1

ibmdb2Match10.1.0.2

ibmdb2Match10.1.0.3

ibmdb2Match10.1.0.4

ibmdb2Match10.1.0.5

ibmdb2Match10.1.0.6

ibmdb2Match10.5.0.0

ibmdb2Match10.5.0.1

ibmdb2Match10.5.0.2

ibmdb2Match10.5.0.3

ibmdb2Match10.5.0.4

ibmdb2Match10.5.0.5

ibmdb2Match10.5.0.6

ibmdb2Match10.5.0.7

ibmdb2Match10.5.0.8

ibmdb2Match10.5.0.9

ibmdb2Match10.5.0.10

ibmdb2Match11.1.0.0

ibmdb2Match11.1.1.1

ibmdb2Match11.1.2.2

ibmdb2Match11.1.3.3

ibmdb2Match11.1.4.4

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
ibmdb29.7.0.0cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*
ibmdb29.7.0.1cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
ibmdb29.7.0.2cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
ibmdb29.7.0.3cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
ibmdb29.7.0.4cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
ibmdb29.7.0.5cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
ibmdb29.7.0.6cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
ibmdb29.7.0.7cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
ibmdb29.7.0.8cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
ibmdb29.7.0.9cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.7.0.0	cpe:2.3:a:ibm:db2:9.7.0.0:::::::*
ibm	db2	9.7.0.1	cpe:2.3:a:ibm:db2:9.7.0.1:::::::*
ibm	db2	9.7.0.2	cpe:2.3:a:ibm:db2:9.7.0.2:::::::*
ibm	db2	9.7.0.3	cpe:2.3:a:ibm:db2:9.7.0.3:::::::*
ibm	db2	9.7.0.4	cpe:2.3:a:ibm:db2:9.7.0.4:::::::*
ibm	db2	9.7.0.5	cpe:2.3:a:ibm:db2:9.7.0.5:::::::*
ibm	db2	9.7.0.6	cpe:2.3:a:ibm:db2:9.7.0.6:::::::*
ibm	db2	9.7.0.7	cpe:2.3:a:ibm:db2:9.7.0.7:::::::*
ibm	db2	9.7.0.8	cpe:2.3:a:ibm:db2:9.7.0.8:::::::*
ibm	db2	9.7.0.9	cpe:2.3:a:ibm:db2:9.7.0.9:::::::*

Rows per page:

1-10 of 371

CNA Affected

[
  {
    "product": "DB2 for Linux, UNIX and Windows",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.5"
      },
      {
        "status": "affected",
        "version": "10.1"
      },
      {
        "status": "affected",
        "version": "9.7"
      },
      {
        "status": "affected",
        "version": "11.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/156567

www.ibm.com/support/docview.wss?uid=ibm10880735

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-4057