8.4

CVE-2019-4322

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Version9.7
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.1
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.5
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.1
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.406
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@us.ibm.com 8.4 2.5 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/109002
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/161202
Vendor Advisory
VDB Entry
https://www.ibm.com/support/docview.wss?uid=ibm10884444
Patch
Vendor Advisory