Main Vulnerability Database Vulnerabilities #VU64637

#VU64637 Permissions, Privileges, and Access Controls in IBM DB2 - CVE-2020-4230

Published: June 24, 2022

Vulnerability identifier: #VU64637

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-4230

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
IBM DB2

Software vendor:
IBM Corporation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. An authenticated local attacker with special permissions can execute specially crafted Db2 commands and escalate privileges on the system.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/2878809
https://exchange.xforce.ibmcloud.com/vulnerabilities/175212

#VU64637 Permissions, Privileges, and Access Controls in IBM DB2 - CVE-2020-4230

Description

Remediation

External links

Please verify you're human