Lucene search

IbmCVE-2019-4101

HistoryJul 01, 2019 - 3:15 p.m.

CVE-2019-4101

2019-07-0115:15:12

ibm

web.nvd.nist.gov

ibm

db2

linux

unix

windows

denial of service

vulnerability

cve-2019-4101

nvd

x-force

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091.

Affected configurations

Nvd

Vulners

Node

ibmdb2Match9.7.0.0

ibmdb2Match9.7.0.1

ibmdb2Match9.7.0.2

ibmdb2Match9.7.0.3

ibmdb2Match9.7.0.4

ibmdb2Match9.7.0.5

ibmdb2Match9.7.0.6

ibmdb2Match9.7.0.7

ibmdb2Match9.7.0.8

ibmdb2Match9.7.0.9

ibmdb2Match9.7.0.10

ibmdb2Match9.7.0.11

ibmdb2Match10.1.0.0

ibmdb2Match10.1.0.1

ibmdb2Match10.1.0.2

ibmdb2Match10.1.0.3

ibmdb2Match10.1.0.4

ibmdb2Match10.1.0.5

ibmdb2Match10.1.0.6

ibmdb2Match10.5.0.0

ibmdb2Match10.5.0.1

ibmdb2Match10.5.0.2

ibmdb2Match10.5.0.3

ibmdb2Match10.5.0.4

ibmdb2Match10.5.0.5

ibmdb2Match10.5.0.6

ibmdb2Match10.5.0.7

ibmdb2Match10.5.0.8

ibmdb2Match10.5.0.9

ibmdb2Match10.5.0.10

ibmdb2Match11.1.0.0

ibmdb2Match11.1.1.1

ibmdb2Match11.1.2.2

ibmdb2Match11.1.3.3

ibmdb2Match11.1.4.4

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
ibmdb29.7.0.0cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*
ibmdb29.7.0.1cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
ibmdb29.7.0.2cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
ibmdb29.7.0.3cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
ibmdb29.7.0.4cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
ibmdb29.7.0.5cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
ibmdb29.7.0.6cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
ibmdb29.7.0.7cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
ibmdb29.7.0.8cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
ibmdb29.7.0.9cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.7.0.0	cpe:2.3:a:ibm:db2:9.7.0.0:::::::*
ibm	db2	9.7.0.1	cpe:2.3:a:ibm:db2:9.7.0.1:::::::*
ibm	db2	9.7.0.2	cpe:2.3:a:ibm:db2:9.7.0.2:::::::*
ibm	db2	9.7.0.3	cpe:2.3:a:ibm:db2:9.7.0.3:::::::*
ibm	db2	9.7.0.4	cpe:2.3:a:ibm:db2:9.7.0.4:::::::*
ibm	db2	9.7.0.5	cpe:2.3:a:ibm:db2:9.7.0.5:::::::*
ibm	db2	9.7.0.6	cpe:2.3:a:ibm:db2:9.7.0.6:::::::*
ibm	db2	9.7.0.7	cpe:2.3:a:ibm:db2:9.7.0.7:::::::*
ibm	db2	9.7.0.8	cpe:2.3:a:ibm:db2:9.7.0.8:::::::*
ibm	db2	9.7.0.9	cpe:2.3:a:ibm:db2:9.7.0.9:::::::*

Rows per page:

1-10 of 371

CNA Affected

[
  {
    "product": "DB2 for Linux, UNIX and Windows",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.5"
      },
      {
        "status": "affected",
        "version": "10.1"
      },
      {
        "status": "affected",
        "version": "11.1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109021

exchange.xforce.ibmcloud.com/vulnerabilities/158091

www.ibm.com/support/docview.wss?uid=ibm10880741

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

Related for CVE-2019-4101