Detections
Analytics
IBM DB2 9.7 < FP11 Special Build 38744 / 10.1 < FP6 Special Build 38745 / 10.5 < FP10 Special Build 38746 / 11.1.4 < FP4a Special Build 38747 Buffer Overflow Vulnerability (Windows)
high Nessus Plugin ID 126636
Language:
Synopsis
The remote database server is affected by a local privilege escalation vulnerability.Description
According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to Fix Pack 11 Special Build 38744, 10.1 prior to Fix Pack 6 Special Build 38745, 10.5 prior to Fix Pack 10 Special Build 38746, or 11.1 prior to 11.1.4 Fix Pack 4a Special Build 38747. It is, therefore, affected by a local privilege escalation vulnerability due to multiple buffer overflow vulnerabilities in DB2.Solution
Apply the appropriate IBM DB2 Fix Pack or Special Build based on the most recent fix pack level for your branch.See Also
http://www.nessus.org/u?08deaf85
http://www.nessus.org/u?2d40f485
http://www.nessus.org/u?6dbf8ac9
http://www.nessus.org/u?88af628b
http://www.nessus.org/u?f540ba24
Plugin Details
Severity: High
ID: 126636
File Name: db2_1114fp4a_win.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 7/12/2019
Updated: 2/28/2020
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-4014
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:db2
Required KB Items: SMB/db2/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 6/27/2019
Vulnerability Publication Date: 6/27/2019
Reference Information
CVE: CVE-2019-4014, CVE-2019-4101, CVE-2019-4102, CVE-2019-4154, CVE-2019-4322, CVE-2019-4386