Vulnerability Details : CVE-2020-4230
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
Products affected by CVE-2020-4230
- cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-4230
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-4230
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
6.7 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | IBM Corporation | |
6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | NIST | |
References for CVE-2020-4230
- https://www.ibm.com/support/pages/node/2878809
  Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2020-4230). (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/175212
  IBM DB2 privilege escalation CVE-2020-4230 Vulnerability Report (VDB Entry; Vendor Advisory)