Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2016-04-27 |
| Product | db2 | Last view | 2021-06-16 |
| Version | 9.7.0.11 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | advanced_workgroup | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:db2 | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2021-06-16 | CVE-2021-29702 | Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. |
| 7.8 | 2021-03-11 | CVE-2020-5025 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661. |
| 7.5 | 2021-03-11 | CVE-2020-5024 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660. |
| 4.4 | 2021-03-11 | CVE-2020-4976 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469. |
| 7.8 | 2020-11-20 | CVE-2020-4739 | IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. |
| 6.5 | 2019-07-01 | CVE-2019-4386 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714. |
| 7.3 | 2016-09-30 | CVE-2016-5995 | Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. |
| 4.3 | 2016-04-27 | CVE-2016-0211 | IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 14% (1) | CWE-749 | Exposed Dangerous Method or Function |
| 14% (1) | CWE-426 | Untrusted Search Path |
| 14% (1) | CWE-276 | Incorrect Default Permissions |
| 14% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 14% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 14% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 14% (1) | CWE-20 | Improper Input Validation |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-11-15 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_105fp8_nix.nasl - Type: ACT_GATHER_INFO |
| 2016-05-26 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp11_35317_nix.nasl - Type: ACT_GATHER_INFO |
| 2016-05-26 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp11_35317_win.nasl - Type: ACT_GATHER_INFO |
| 2016-05-26 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_connect_97fp11_35317_win.nasl - Type: ACT_GATHER_INFO |
