CVE-2018-1897

Published: 30/11/2018 Updated: 24/08/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a malicious user to execute arbitrary code. IBM X-Force ID: 152462.

Vulnerable Product

ibm db2 9.7

ibm db2 10.5

ibm db2 10.1

ibm db2 11.1

Recent Articles

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching
The Register • Lindsay Clark • 21 Aug 2020

Lack of protections around trace facility gives local users read and write access

A bug-hunter has uncovered a vulnerability in IBM's popular enterprise database which, if left unpatched, could allow a local user to access data and kick off a denial-of-service attack. Security firm Trustwave said the shared memory vulnerability in Db2 - CVE-2020-4414 - was similar to the problems found with Cisco's Webex in June (CVE-2020-3347). According to Trustwave, "Only Db2 for LUW (Linux, Unix, Windows) is affected. Db2 for other platforms like IBM mainframes and z/OS are unaffected." M...