CVE-2020-4976

🗓️ 11 Mar 2021 15:30:25Reported by ibmType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 52 Views

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions

Reporter	Title	Published	Views	Family All 33
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities may affect IBM DB2 shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises	18 May 202115:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i2 Analyze is affected by multiple DB2 vulnerabilities	30 Jul 202105:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Db2 affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise	30 Apr 202114:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found in IBM DB2 which is shipped with IBM® Intelligent Operations Center(CVE-2020-5024, CVE-2020-5025, CVE-2020-4976)	8 Sep 202213:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in IBM® Db2® which is shipped with IBM Operations Analyticsg Predictive Insights	13 Jun 202123:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product.	18 Dec 202101:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product.	18 Dec 202100:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with WebSphere Remote Server	14 Dec 202120:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DB2 Server Vulnerabilities Affect IBM Emptoris Program Management	23 Apr 202104:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Db2® Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2®	19 Apr 202116:53	–	ibm

NVD

Vulners

Node

ibm db2Range11.1.0.0–11.1.4.6

ibm db2Range11.5–11.5.5.0

ibm db2Match9.7-

ibm db2Match9.7fp1

ibm db2Match9.7fp10

ibm db2Match9.7fp2

ibm db2Match9.7fp3

ibm db2Match9.7fp3a

ibm db2Match9.7fp4

ibm db2Match9.7fp5

ibm db2Match9.7fp6

ibm db2Match9.7fp7

ibm db2Match9.7fp8

ibm db2Match9.7fp9

ibm db2Match9.7fp9a

ibm db2Match10.1-

ibm db2Match10.1fp1

ibm db2Match10.1fp2

ibm db2Match10.1fp3

ibm db2Match10.1fp3a

ibm db2Match10.1fp4

ibm db2Match10.1fp5

ibm db2Match10.5-

ibm db2Match10.5fp1

ibm db2Match10.5fp2

ibm db2Match10.5fp3

ibm db2Match10.5fp3a

ibm db2Match10.5fp4

ibm db2Match10.5fp5

ibm db2Match10.5fp6

ibm db2Match10.5fp7

ibm db2Match10.5fp8

ibm db2Match10.5fp9

AND

linux linux_kernelMatch-

microsoft windowsMatch-

Node

netapp oncommand_insightMatch-

[
  {
    "product": "DB2 for Linux, UNIX and Windows",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.5"
      },
      {
        "status": "affected",
        "version": "10.1"
      },
      {
        "status": "affected",
        "version": "9.7"
      },
      {
        "status": "affected",
        "version": "11.1"
      },
      {
        "status": "affected",
        "version": "11.5"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/192469
security	www.security.netapp.com/advisory/ntap-20210409-0003/
ibm	www.ibm.com/support/pages/node/6427859

21 Nov 2024 05:33Current

5.4Medium risk

Vulners AI Score5.4

CVSS 23.6

CVSS 3.14.4

CVSS 35.1

EPSS0.00037

CWE-276