← Back

CVE-2019-4606

nvd nist
Published: Dec 12, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.

Affected (8)

Ibm
1 product
Db2 High Performance Unload Load
Configuration A
8 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Ibm
Db2 High Performance Unload Load
Version 5.1.0.0
Db2 High Performance Unload Load
Version 5.1.0.1
Db2 High Performance Unload Load
Version 6.1.0.0
Db2 High Performance Unload Load
Version 6.1.0.1
Db2 High Performance Unload Load
Version 6.1.0.2
Db2 High Performance Unload Load
Version 6.1.0.3
Db2 High Performance Unload Load
Version 6.5.0.0
Db2 High Performance Unload Load
Version 6.5.0.0 if1
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Microsoft
Windows
All versions
Opengroup
Unix
All versions

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (4)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.