CVE-2020-4230

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/I:H/AV:L/C:H/AC:L/S:U/UI:N/PR:H/A:H/RC:C/RL:O/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
ibmdb2
11.1
ibmdb2
11.5
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/175212
https://www.ibm.com/support/pages/node/2878809
https://exchange.xforce.ibmcloud.com/vulnerabilities/175212
https://www.ibm.com/support/pages/node/2878809