Lucene search

IbmCVE-2019-4154

HistoryJul 01, 2019 - 3:15 p.m.

CVE-2019-4154

2019-07-0115:15:12

CWE-119

ibm

web.nvd.nist.gov

ibm

db2

linux

unix

windows

buffer overflow

vulnerability

ibm x-force

cve-2019-4154

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.

Affected configurations

Nvd

Vulners

Node

ibmdb2Match9.7.0.0

ibmdb2Match9.7.0.1

ibmdb2Match9.7.0.2

ibmdb2Match9.7.0.3

ibmdb2Match9.7.0.4

ibmdb2Match9.7.0.5

ibmdb2Match9.7.0.6

ibmdb2Match9.7.0.7

ibmdb2Match9.7.0.8

ibmdb2Match9.7.0.9

ibmdb2Match9.7.0.10

ibmdb2Match9.7.0.11

ibmdb2Match10.1.0.0

ibmdb2Match10.1.0.1

ibmdb2Match10.1.0.2

ibmdb2Match10.1.0.3

ibmdb2Match10.1.0.4

ibmdb2Match10.1.0.5

ibmdb2Match10.1.0.6

ibmdb2Match10.5.0.0

ibmdb2Match10.5.0.1

ibmdb2Match10.5.0.2

ibmdb2Match10.5.0.3

ibmdb2Match10.5.0.4

ibmdb2Match10.5.0.5

ibmdb2Match10.5.0.6

ibmdb2Match10.5.0.7

ibmdb2Match10.5.0.8

ibmdb2Match10.5.0.9

ibmdb2Match10.5.0.10

ibmdb2Match11.1.0.0

ibmdb2Match11.1.1.1

ibmdb2Match11.1.2.2

ibmdb2Match11.1.3.3

ibmdb2Match11.1.4.4

AND

hphp-uxMatch-

ibmaixMatch-

linuxlinux_kernelMatch-

oraclesolarisMatch--

VendorProductVersionCPE
ibmdb29.7.0.0cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*
ibmdb29.7.0.1cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
ibmdb29.7.0.2cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
ibmdb29.7.0.3cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
ibmdb29.7.0.4cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
ibmdb29.7.0.5cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
ibmdb29.7.0.6cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
ibmdb29.7.0.7cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
ibmdb29.7.0.8cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
ibmdb29.7.0.9cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.7.0.0	cpe:2.3:a:ibm:db2:9.7.0.0:::::::*
ibm	db2	9.7.0.1	cpe:2.3:a:ibm:db2:9.7.0.1:::::::*
ibm	db2	9.7.0.2	cpe:2.3:a:ibm:db2:9.7.0.2:::::::*
ibm	db2	9.7.0.3	cpe:2.3:a:ibm:db2:9.7.0.3:::::::*
ibm	db2	9.7.0.4	cpe:2.3:a:ibm:db2:9.7.0.4:::::::*
ibm	db2	9.7.0.5	cpe:2.3:a:ibm:db2:9.7.0.5:::::::*
ibm	db2	9.7.0.6	cpe:2.3:a:ibm:db2:9.7.0.6:::::::*
ibm	db2	9.7.0.7	cpe:2.3:a:ibm:db2:9.7.0.7:::::::*
ibm	db2	9.7.0.8	cpe:2.3:a:ibm:db2:9.7.0.8:::::::*
ibm	db2	9.7.0.9	cpe:2.3:a:ibm:db2:9.7.0.9:::::::*

Rows per page:

1-10 of 391

CNA Affected

[
  {
    "product": "DB2 for Linux, UNIX and Windows",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.5"
      },
      {
        "status": "affected",
        "version": "10.1"
      },
      {
        "status": "affected",
        "version": "9.7"
      },
      {
        "status": "affected",
        "version": "11.1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109024

exchange.xforce.ibmcloud.com/vulnerabilities/158519

www.ibm.com/support/docview.wss?uid=ibm10880737

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-4154