Lucene search

[email protected]CVE-2004-0795

HistoryOct 20, 2004 - 4:00 a.m.

CVE-2004-0795

2004-10-2004:00:00

[email protected]

web.nvd.nist.gov

db2

remote command

server

privilege escalation

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.8%

JSON

DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.

Affected configurations

NVD

Node

ibmdb2_universal_databaseMatch8.1aix

CPENameOperatorVersion
ibm:db2_universal_databaseibm db2 universal databaseeq8.1

CPE	Name	Operator	Version
ibm:db2_universal_database	ibm db2 universal database	eq	8.1

References

marc.info/?l=bugtraq&m=107885081414173&w=2

www-1.ibm.com/support/docview.wss?uid=swg1IY53894

www.nextgenss.com/advisories/db2rmtcmd.txt

www.securityfocus.com/bid/9821

exchange.xforce.ibmcloud.com/vulnerabilities/15420

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2004-0795

cvelist1 nvd1