CVE-2020-4739

Published: 20/11/2020 Updated: 03/12/2020
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 614
Vector (CVSS v2): AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated malicious user to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.

Vulnerable Product

ibm db2 9.7.0.0

ibm db2 10.1.0.0

ibm db2 10.5.0.0

ibm db2 11.1.0.0

ibm db2

Recent Articles

Patch Tuesday brings bug fixes for OpenSSL, IBM, SAP, Kubernetes, Adobe, and Red Hat. And Microsoft, of course
The Register • Thomas Claburn in San Francisco • 08 Dec 2020

Light load from Redmond as everyone else seeks to bury bad news, sorry, align in update cadence

Patch Tuesday For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. On the one hand, vendors glommed to Microsoft's Patch Tuesday on the pretense that users and system administrators could plan their patching around a regular, monthly cadence. On the other hand, it lets developers emit all their bad news at once and ideally avoid headlines specif...