CVE-2019-4057

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/S:U/A:H/I:H/UI:N/PR:H/C:H/AC:L/AV:L/RC:C/E:U/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
ibmdb2
9.7.0.0
ibmdb2
9.7.0.1
ibmdb2
9.7.0.2
ibmdb2
9.7.0.3
ibmdb2
9.7.0.4
ibmdb2
9.7.0.5
ibmdb2
9.7.0.6
ibmdb2
9.7.0.7
ibmdb2
9.7.0.8
ibmdb2
9.7.0.9
ibmdb2
9.7.0.10
ibmdb2
9.7.0.11
ibmdb2
10.1.0.0
ibmdb2
10.1.0.1
ibmdb2
10.1.0.2
ibmdb2
10.1.0.3
ibmdb2
10.1.0.4
ibmdb2
10.1.0.5
ibmdb2
10.1.0.6
ibmdb2
10.5.0.0
ibmdb2
10.5.0.1
ibmdb2
10.5.0.2
ibmdb2
10.5.0.3
ibmdb2
10.5.0.4
ibmdb2
10.5.0.5
ibmdb2
10.5.0.6
ibmdb2
10.5.0.7
ibmdb2
10.5.0.8
ibmdb2
10.5.0.9
ibmdb2
10.5.0.10
ibmdb2
11.1.0.0
ibmdb2
11.1.1.1
ibmdb2
11.1.2.2
ibmdb2
11.1.3.3
ibmdb2
11.1.4.4
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/156567
https://www.ibm.com/support/docview.wss?uid=ibm10880735
https://exchange.xforce.ibmcloud.com/vulnerabilities/156567
https://www.ibm.com/support/docview.wss?uid=ibm10880735