CVE-2020-4230

EUVD-2020-25477
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/I:H/AV:L/C:H/AC:L/S:U/UI:N/PR:H/A:H/RC:C/RL:O/E:U
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
ibmdb2
11.1
ibmdb2
11.5
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/175212
https://www.ibm.com/support/pages/node/2878809
https://exchange.xforce.ibmcloud.com/vulnerabilities/175212
https://www.ibm.com/support/pages/node/2878809