CVE-2020-4414

Published: 01/07/2020 Updated: 21/07/2021
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.4 | Impact Score: 2.5 | Exploitability Score: 1.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local malicious user to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989.

Vulnerable Product

ibm db2 9.7.0.0

ibm db2 10.1.0.0

ibm db2 10.5.0.0

ibm db2 11.1.0.0

ibm db2 11.5.0.0

Recent Articles

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching
The Register • Lindsay Clark • 21 Aug 2020

Lack of protections around trace facility gives local users read and write access

A bug-hunter has uncovered a vulnerability in IBM's popular enterprise database which, if left unpatched, could allow a local user to access data and kick off a denial-of-service attack. Security firm Trustwave said the shared memory vulnerability in Db2 - CVE-2020-4414 - was similar to the problems found with Cisco's Webex in June (CVE-2020-3347). According to TrustWave, "Only Db2 for LUW (Linux, Unix, Windows) is affected. Db2 for other platforms like IBM mainframes and z/OS are unaffected." M...