CVE-2020-4976 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.4 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
ibm	CNA	5.1 MEDIUM	LOCAL	LOW	NONE	CVSS:3.0/UI:N/AC:L/AV:L/PR:N/C:L/A:N/I:L/S:U/RC:C/RL:O/E:U
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 27%

Vendor	Product	Version
ibm	db2	11.1.0.0 ≤ 𝑥 < 11.1.4.6
ibm	db2	11.5 ≤ 𝑥 < 11.5.5.0
ibm	db2	9.7
ibm	db2	9.7:fp1
ibm	db2	9.7:fp10
ibm	db2	9.7:fp2
ibm	db2	9.7:fp3
ibm	db2	9.7:fp3a
ibm	db2	9.7:fp4
ibm	db2	9.7:fp5
ibm	db2	9.7:fp6
ibm	db2	9.7:fp7
ibm	db2	9.7:fp8
ibm	db2	9.7:fp9
ibm	db2	9.7:fp9a
ibm	db2	10.1
ibm	db2	10.1:fp1
ibm	db2	10.1:fp2
ibm	db2	10.1:fp3
ibm	db2	10.1:fp3a
ibm	db2	10.1:fp4
ibm	db2	10.1:fp5
ibm	db2	10.5
ibm	db2	10.5:fp1
ibm	db2	10.5:fp2
ibm	db2	10.5:fp3
ibm	db2	10.5:fp3a
ibm	db2	10.5:fp4
ibm	db2	10.5:fp5
ibm	db2	10.5:fp6
ibm	db2	10.5:fp7
ibm	db2	10.5:fp8
ibm	db2	10.5:fp9
netapp	oncommand_insight	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/192469

https://security.netapp.com/advisory/ntap-20210409-0003/

https://www.ibm.com/support/pages/node/6427859

https://exchange.xforce.ibmcloud.com/vulnerabilities/192469

https://security.netapp.com/advisory/ntap-20210409-0003/

https://www.ibm.com/support/pages/node/6427859