5.1

CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

Data is provided by the National Vulnerability Database (NVD)
IbmDb2 Version >= 11.1.0.0 < 11.1.4.6
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version >= 11.5 < 11.5.5.0
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Update-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp1
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp10
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp2
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp3
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp3a
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp4
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp5
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp6
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp7
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp8
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp9
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version9.7 Updatefp9a
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Update-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp1
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp2
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp3
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp3a
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp4
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.1 Updatefp5
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Update-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp1
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp2
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp3
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp3a
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp4
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp5
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp6
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp7
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp8
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmDb2 Version10.5 Updatefp9
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
NetappOncommand Insight Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.257
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.4 1.8 2.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:P/A:N
psirt@us.ibm.com 5.1 2.5 2.5
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.