CVE-2019-4057

EUVD-2019-13664
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/S:U/A:H/I:H/UI:N/PR:H/C:H/AC:L/AV:L/RC:C/E:U/RL:O
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
ibmdb2
9.7.0.0
ibmdb2
9.7.0.1
ibmdb2
9.7.0.2
ibmdb2
9.7.0.3
ibmdb2
9.7.0.4
ibmdb2
9.7.0.5
ibmdb2
9.7.0.6
ibmdb2
9.7.0.7
ibmdb2
9.7.0.8
ibmdb2
9.7.0.9
ibmdb2
9.7.0.10
ibmdb2
9.7.0.11
ibmdb2
10.1.0.0
ibmdb2
10.1.0.1
ibmdb2
10.1.0.2
ibmdb2
10.1.0.3
ibmdb2
10.1.0.4
ibmdb2
10.1.0.5
ibmdb2
10.1.0.6
ibmdb2
10.5.0.0
ibmdb2
10.5.0.1
ibmdb2
10.5.0.2
ibmdb2
10.5.0.3
ibmdb2
10.5.0.4
ibmdb2
10.5.0.5
ibmdb2
10.5.0.6
ibmdb2
10.5.0.7
ibmdb2
10.5.0.8
ibmdb2
10.5.0.9
ibmdb2
10.5.0.10
ibmdb2
11.1.0.0
ibmdb2
11.1.1.1
ibmdb2
11.1.2.2
ibmdb2
11.1.3.3
ibmdb2
11.1.4.4
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/156567
https://www.ibm.com/support/docview.wss?uid=ibm10880735
https://exchange.xforce.ibmcloud.com/vulnerabilities/156567
https://www.ibm.com/support/docview.wss?uid=ibm10880735