CVE-2020-5025 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ibm	CNA	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.0/PR:N/AV:L/AC:L/UI:N/S:U/I:H/A:H/C:H/RC:C/RL:O/E:U
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Vendor	Product	Version
ibm	db2	11.1.0.0 ≤ 𝑥 < 11.1.4.6
ibm	db2	11.5 ≤ 𝑥 < 11.5.5.0
ibm	db2	9.7
ibm	db2	9.7:fp1
ibm	db2	9.7:fp10
ibm	db2	9.7:fp2
ibm	db2	9.7:fp3
ibm	db2	9.7:fp3a
ibm	db2	9.7:fp4
ibm	db2	9.7:fp5
ibm	db2	9.7:fp6
ibm	db2	9.7:fp7
ibm	db2	9.7:fp8
ibm	db2	9.7:fp9
ibm	db2	9.7:fp9a
ibm	db2	10.1
ibm	db2	10.1:fp1
ibm	db2	10.1:fp2
ibm	db2	10.1:fp3
ibm	db2	10.1:fp3a
ibm	db2	10.1:fp4
ibm	db2	10.1:fp5
ibm	db2	10.5
ibm	db2	10.5:fp1
ibm	db2	10.5:fp2
ibm	db2	10.5:fp3
ibm	db2	10.5:fp3a
ibm	db2	10.5:fp4
ibm	db2	10.5:fp5
ibm	db2	10.5:fp6
ibm	db2	10.5:fp7
ibm	db2	10.5:fp8
ibm	db2	10.5:fp9
netapp	oncommand_insight	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/193661

https://security.netapp.com/advisory/ntap-20210409-0003/

https://www.ibm.com/support/pages/node/6427855

https://exchange.xforce.ibmcloud.com/vulnerabilities/193661

https://security.netapp.com/advisory/ntap-20210409-0003/

https://www.ibm.com/support/pages/node/6427855