2 matches found
Security vulnerabilities have been identified in IBM DB2 shipped with IBM Maximo Asset Management (CVE-2019-4448, CVE-2019-4447)
Summary IBM DB2 is shipped as a component of IBM Maximo Asset Management. Information about the security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID: CVE-2019-4447 DESCRIPTION: IBM DB2 High Performance Unload load shared libraries from an...
CVE-2019-4447
CVE-2019-4447 affects IBM DB2 High Performance Unload on LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2. The db2hpum_debug binary is setuid root and trusts PATH; a low-privilege user can hijack PATH to execute arbitrary commands as root, with a crash potentially tri...