All the vulnerabilites related to IBM - DB2 for Linux- UNIX and Windows
cve-2021-29702
Vulnerability from cvelistv5
Published
2021-06-16 16:15
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6463985 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/200658 | vdb-entry, x_refsource_XF | |
| https://security.netapp.com/advisory/ntap-20210720-0005/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 11.1.4 Version: 11.5.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:01.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6463985"
},
{
"name": "ibm-db2-cve202129702-dos (200658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200658"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1.4"
},
{
"status": "affected",
"version": "11.5.5"
}
]
}
],
"datePublic": "2021-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/C:N/PR:N/UI:N/S:U/A:H/AC:L/I:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T10:06:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6463985"
},
{
"name": "ibm-db2-cve202129702-dos (200658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200658"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-06-15T00:00:00",
"ID": "CVE-2021-29702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "11.1.4"
},
{
"version_value": "11.5.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6463985",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6463985 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6463985"
},
{
"name": "ibm-db2-cve202129702-dos (200658)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200658"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210720-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210720-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29702",
"datePublished": "2021-06-16T16:15:24.434627Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T23:51:49.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4161
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 16:57
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/2874621 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/174341 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:06.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2874621"
},
{
"name": "ibm-db2-cve20204161-dos (174341)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/PR:L/AC:L/C:N/UI:N/S:U/AV:N/I:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T15:15:45",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2874621"
},
{
"name": "ibm-db2-cve20204161-dos (174341)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"ID": "CVE-2020-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2874621",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2874621 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/2874621"
},
{
"name": "ibm-db2-cve20204161-dos (174341)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4161",
"datePublished": "2020-02-19T15:15:45.862651Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T16:57:54.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4230
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 19:31
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/2878809 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/175212 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2878809"
},
{
"name": "ibm-db2-cve20204230-priv-escalation (175212)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/AV:L/C:H/AC:L/S:U/UI:N/PR:H/A:H/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T15:15:47",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2878809"
},
{
"name": "ibm-db2-cve20204230-priv-escalation (175212)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175212"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"ID": "CVE-2020-4230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2878809",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2878809 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/2878809"
},
{
"name": "ibm-db2-cve20204230-priv-escalation (175212)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175212"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4230",
"datePublished": "2020-02-19T15:15:47.143826Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T19:31:38.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4420
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6242362 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/180076 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6242362"
},
{
"name": "ibm-db2-cve20204420-dos (180076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.7"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/AV:N/S:U/C:N/PR:N/UI:N/A:H/AC:L/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:25:33",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6242362"
},
{
"name": "ibm-db2-cve20204420-dos (180076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6242362",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6242362 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6242362"
},
{
"name": "ibm-db2-cve20204420-dos (180076)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4420",
"datePublished": "2020-07-01T14:25:33.640391Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T20:52:33.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4135
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/2876307 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/173806 | vdb-entry, x_refsource_XF | |
| https://security.netapp.com/advisory/ntap-20210108-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2876307"
},
{
"name": "ibm-db2-cve20204135-dos (173806)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.7"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/PR:N/AC:L/C:N/S:U/UI:N/AV:N/I:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T11:06:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2876307"
},
{
"name": "ibm-db2-cve20204135-dos (173806)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"ID": "CVE-2020-4135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2876307",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2876307 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/2876307"
},
{
"name": "ibm-db2-cve20204135-dos (173806)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4135",
"datePublished": "2020-02-19T15:15:45.454213Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:28:29.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4363
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6242332 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/178960 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6242332"
},
{
"name": "ibm-db2-cve20204363-bo (178960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.7"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/AV:L/S:U/C:H/UI:N/PR:N/A:H/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:25:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6242332"
},
{
"name": "ibm-db2-cve20204363-bo (178960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6242332",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6242332 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6242332"
},
{
"name": "ibm-db2-cve20204363-bo (178960)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4363",
"datePublished": "2020-07-01T14:25:31.439469Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:11:32.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4386
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6242342 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/179268 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6242342"
},
{
"name": "ibm-db2-cve20204386-info-disc (179268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.7"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:N/UI:N/PR:N/C:H/S:U/AV:L/I:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:25:32",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6242342"
},
{
"name": "ibm-db2-cve20204386-info-disc (179268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6242342",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6242342 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6242342"
},
{
"name": "ibm-db2-cve20204386-info-disc (179268)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179268"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4386",
"datePublished": "2020-07-01T14:25:32.319512Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:14:21.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4414
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-16 23:21
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6242356 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/179989 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 Version: 9.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6242356"
},
{
"name": "ibm-db2-cve20204414-info-disc (179989)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"datePublic": "2020-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:L/PR:N/UI:N/C:L/S:U/AV:L/I:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:25:33",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6242356"
},
{
"name": "ibm-db2-cve20204414-info-disc (179989)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
},
{
"version_value": "9.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6242356",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6242356 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6242356"
},
{
"name": "ibm-db2-cve20204414-info-disc (179989)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4414",
"datePublished": "2020-07-01T14:25:33.201603Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T23:21:53.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4200
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/2875251 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/174914 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2875251"
},
{
"name": "ibm-db2-cve20204200-dos (174914)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/I:N/PR:L/A:H/UI:N/S:U/C:N/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T15:15:46",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2875251"
},
{
"name": "ibm-db2-cve20204200-dos (174914)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174914"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"ID": "CVE-2020-4200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2875251",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2875251 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/2875251"
},
{
"name": "ibm-db2-cve20204200-dos (174914)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174914"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4200",
"datePublished": "2020-02-19T15:15:46.270256Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:54:03.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4642
Vulnerability from cvelistv5
Published
2020-12-23 16:30
Modified
2024-09-16 22:50
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service".
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6391652 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/185589 | vdb-entry, x_refsource_XF | |
| https://security.netapp.com/advisory/ntap-20210129-0009/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6391652"
},
{
"name": "ibm-db2-cve20204642-dos (185589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.7"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management Service\"."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/C:N/UI:N/PR:N/I:N/AV:L/AC:L/A:H/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T06:06:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6391652"
},
{
"name": "ibm-db2-cve20204642-dos (185589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0009/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-12-22T00:00:00",
"ID": "CVE-2020-4642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management Service\"."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6391652",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6391652 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6391652"
},
{
"name": "ibm-db2-cve20204642-dos (185589)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210129-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210129-0009/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4642",
"datePublished": "2020-12-23T16:30:15.419298Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T22:50:23.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4355
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6242350 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/178507 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6242350"
},
{
"name": "ibm-db2-cve20204355-dos (178507)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.7"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/AV:N/S:U/C:N/UI:N/PR:N/A:L/AC:L/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:25:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6242350"
},
{
"name": "ibm-db2-cve20204355-dos (178507)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6242350",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6242350 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6242350"
},
{
"name": "ibm-db2-cve20204355-dos (178507)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4355",
"datePublished": "2020-07-01T14:25:30.996706Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:07:54.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4204
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-16 17:38
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/2875875 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/174960 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2875875"
},
{
"name": "ibm-db2-cve20204204-bo (174960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.7"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/UI:N/C:H/AC:L/PR:N/A:H/I:H/AV:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T15:15:46",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2875875"
},
{
"name": "ibm-db2-cve20204204-bo (174960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"ID": "CVE-2020-4204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2875875",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2875875 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/2875875"
},
{
"name": "ibm-db2-cve20204204-bo (174960)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4204",
"datePublished": "2020-02-19T15:15:46.680208Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:38:12.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4387
Vulnerability from cvelistv5
Published
2020-07-01 14:25
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6242336 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/179269 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | DB2 for Linux- UNIX and Windows |
Version: 9.7 Version: 10.1 Version: 10.5 Version: 11.1 Version: 11.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6242336"
},
{
"name": "ibm-db2-cve20204387-info-disc (179269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DB2 for Linux- UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.7"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "11.5"
}
]
}
],
"datePublic": "2020-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/UI:N/PR:N/A:N/AC:L/I:N/AV:L/S:U/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:25:32",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6242336"
},
{
"name": "ibm-db2-cve20204387-info-disc (179269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-30T00:00:00",
"ID": "CVE-2020-4387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux- UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6242336",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6242336 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/6242336"
},
{
"name": "ibm-db2-cve20204387-info-disc (179269)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4387",
"datePublished": "2020-07-01T14:25:32.753616Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T20:06:33.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}