CVE-2019-4448

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/UI:N/S:U/AV:L/C:H/AC:L/A:H/PR:N/I:H/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
ibmdb2_high_performance_unload_load
6.1
ibmdb2_high_performance_unload_load
6.1.0.1
ibmdb2_high_performance_unload_load
6.1.0.1:if1
ibmdb2_high_performance_unload_load
6.1.0.1:if2
ibmdb2_high_performance_unload_load
6.1.0.2
ibmdb2_high_performance_unload_load
6.1.0.2:if1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=ibm10964592
https://exchange.xforce.ibmcloud.com/vulnerabilities/163489
http://www.ibm.com/support/docview.wss?uid=ibm10964592
https://exchange.xforce.ibmcloud.com/vulnerabilities/163489