IBM DB2 is shipped with IBM License Metric Tool.
Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin.
CVEID: CVE-2019-4322 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161202> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-4102 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158092> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2019-4057 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root.
CVSS Base Score: 6.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156567> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-4101 DESCRIPTION: DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158091> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-4154 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158519> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM License Metric Tool v9.x
Refer to the following security bulletins for vulnerability details and information about fixes:
<https://www-01.ibm.com/support/docview.wss?uid=ibm10884444>
<https://www-01.ibm.com/support/docview.wss?uid=ibm10880743>
<https://www-01.ibm.com/support/docview.wss?uid=ibm10880735>
<https://www-01.ibm.com/support/docview.wss?uid=ibm10880741>
<https://www-01.ibm.com/support/docview.wss?uid=ibm10880737>
None
CPE

Name | Operator | Version |
---|---|---|
ibm license metric tool | eq | 9.2 |