First published: Tue Jun 30 2020
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Db2 | =9.7.0.0 | |
IBM Db2 | =10.1.0.0 | |
IBM Db2 | =10.5.0.0 | |
IBM Db2 | =11.1.0.0 | |
IBM Db2 | =11.5.0.0 | |
Linux Linux kernel | | |
Microsoft Windows | | |
The severity of CVE-2020-4386 is medium.
CVE-2020-4386 allows a local user to obtain sensitive information using a race condition of a symbolic link in IBM DB2 for Linux, UNIX and Windows.
IBM DB2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 are affected by CVE-2020-4386.
No, the Linux kernel and Microsoft Windows are not vulnerable to CVE-2020-4386.
More information about CVE-2020-4386 can be found at the following references: [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/vulnerabilities/179268) and [IBM Support](https://www.ibm.com/support/pages/node/6242342).