CVE-2020-4976
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/03/2021
Last modified:
12/04/2021
Description
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Base Score 2.0
3.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:* | 11.1.0.0 (including) | 11.1.4.6 (excluding) |
| cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:* | 11.5 (including) | 11.5.5.0 (excluding) |
| cpe:2.3:a:ibm:db2:9.7:-:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp10:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp6:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp7:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp8:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp9:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:fp9a:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page