CVE-2020-4739

EPSS 0.07%
Veröffentlicht 20.11.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 05:33:11
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Db2 Version >= 11.5 < 11.5.5.0

Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version9.7.0.0

Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.1.0.0

Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version10.5.0.0

Microsoft ≫ Windows Version-

Ibm ≫ Db2 Version11.1.0.0

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.218

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
psirt@us.ibm.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://exchange.xforce.ibmcloud.com/vulnerabilities/188149

Vendor Advisory

VDB Entry

https://www.ibm.com/support/pages/node/6370023

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-4739

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-4739

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-4739

EUVD