IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Linux
  • Linux Kernel
Netapp
  • Oncommand Insight
Microsoft
  • Windows
Ibm
  • Db2

Configuration 1 [-]

AND
OR cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp10:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp6:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp7:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp8:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp9:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:fp9a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.1:-:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.1:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.1:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.1:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.1:fp3a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.1:fp4:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.1:fp5:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/193661 VDB Entry Vendor Advisory
https://security.netapp.com/advisory/ntap-20210409-0003/ Third Party Advisory
https://www.ibm.com/support/pages/node/6427855 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2021-03-10T00:00:00

Updated: 2021-04-09T08:06:23

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-5025

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-03-11T16:15:12.927

Modified: 2021-04-12T16:40:53.667

Link: CVE-2020-5025

JSON object: View

cve-icon Redhat Information

No data.

CWE