CVE-2020-4230
First published: Tue Feb 18 2020(Updated: )
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Db2 | =11.1 | |
| IBM Db2 | =11.5 | |
| IBM AIX | ||
| Linux Kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-4230?
CVE-2020-4230 has a medium severity rating due to the potential for privilege escalation by authenticated local attackers.
How do I fix CVE-2020-4230?
To fix CVE-2020-4230, you should apply the latest patches provided by IBM for DB2 versions 11.1 and 11.5.
Who is affected by CVE-2020-4230?
CVE-2020-4230 affects users of IBM DB2 for Linux, UNIX, and Windows versions 11.1 and 11.5.
Can CVE-2020-4230 be exploited remotely?
No, CVE-2020-4230 requires local access to the system for exploitation.
What is the impact of CVE-2020-4230?
The impact of CVE-2020-4230 is the potential for an authenticated local attacker to gain elevated privileges on the system.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm db2
- version/ibm db2/11.1
- version/ibm db2/11.5
- canonical/ibm aix
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows