2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2020-5025" ,
"sourceIdentifier" : "psirt@us.ibm.com" ,
"published" : "2021-03-11T16:15:12.927" ,
"lastModified" : "2021-04-12T16:40:53.667" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661."
} ,
{
"lang" : "es" ,
"value" : "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, db2fm es vulnerable a un desbordamiento del b\u00fafer, causado por una comprobaci\u00f3n inapropiada de l\u00edmites que podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario en el sistema con privilegios root. IBM X-Force ID: 193661"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV30" : [
{
"source" : "psirt@us.ibm.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 8.4 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 2.5 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C" ,
"accessVector" : "LOCAL" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
"availabilityImpact" : "COMPLETE" ,
"baseScore" : 7.2
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-120"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "11.1.0.0" ,
"versionEndExcluding" : "11.1.4.6" ,
"matchCriteriaId" : "FD327F40-DAD7-44C3-9E98-B742595FE95F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "11.5" ,
"versionEndExcluding" : "11.5.5.0" ,
"matchCriteriaId" : "C3A4627A-DD08-4ECA-854C-F38CC6799C32"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "77E2A7AA-6BEC-4796-8F9C-B9761445203F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "00A16349-5CF1-4E75-A6EE-218E85049F62"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp10:*:*:*:*:*:*" ,
"matchCriteriaId" : "DDB6647C-7CF0-474F-94C8-F5C7F6EE0DA5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*" ,
"matchCriteriaId" : "5335C017-52D9-45D4-BCEB-CBB51B7C88AE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*" ,
"matchCriteriaId" : "786B3F51-46A3-4A4C-A549-B80BA27EE3B9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*" ,
"matchCriteriaId" : "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*" ,
"matchCriteriaId" : "CC8D88E5-7942-4F21-B0BA-7D23F4537117"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*" ,
"matchCriteriaId" : "D7A42A22-D615-4D60-8FC4-61CDF727FD54"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp6:*:*:*:*:*:*" ,
"matchCriteriaId" : "8614A1E4-F2B2-4D76-B0A4-4D2C210BC6F6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp7:*:*:*:*:*:*" ,
"matchCriteriaId" : "BEBA2C16-A984-4DA3-953E-A3F29884ED09"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp8:*:*:*:*:*:*" ,
"matchCriteriaId" : "7B4337FD-3E56-482A-B27B-079901B07226"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp9:*:*:*:*:*:*" ,
"matchCriteriaId" : "F1DE50F8-6817-4C72-95BA-A81268F52E26"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:9.7:fp9a:*:*:*:*:*:*" ,
"matchCriteriaId" : "BCF253DE-A7BD-4626-8CA4-63CBF527A4A1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.1:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "22019513-E605-4245-B031-05D8B0C8E3C4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.1:fp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "71959DD4-A6DF-40CC-A1D4-4211C292D9B0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.1:fp2:*:*:*:*:*:*" ,
"matchCriteriaId" : "AE96DEA7-95B8-487C-9ADC-ABD29942DEC0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.1:fp3:*:*:*:*:*:*" ,
"matchCriteriaId" : "0D5B31BE-FE9D-4D12-945E-3870BB46CDF5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.1:fp3a:*:*:*:*:*:*" ,
"matchCriteriaId" : "14A3CD2D-6CE7-40AC-B3A2-F515D08A9A0D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.1:fp4:*:*:*:*:*:*" ,
"matchCriteriaId" : "A5466AD6-FE18-4778-9D6C-212347ECFFE7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.1:fp5:*:*:*:*:*:*" ,
"matchCriteriaId" : "282E708B-2FE3-4B1C-9DFC-C3BD164F3F6C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "190AE881-F7BF-486E-BDAE-197337D70CDB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "8D1BAA43-4C77-4AC7-8561-93EDE0AED000"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*" ,
"matchCriteriaId" : "87C39880-D0E9-4487-9A80-B4D1A999032F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*" ,
"matchCriteriaId" : "8842A8B6-E470-4536-AB5D-DA1C62A05F58"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*" ,
"matchCriteriaId" : "92BF0482-E4FE-454E-84DD-27074097F3F3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*" ,
"matchCriteriaId" : "3705A79B-7903-4055-9CDC-55D60D2AC2E4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*" ,
"matchCriteriaId" : "CBDFCE61-EE04-4901-844D-61B8966C1B81"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*" ,
"matchCriteriaId" : "53A23363-413D-4785-B8C1-9AC2F96000EB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E22D884-A33F-41D7-84CB-B6360A39863F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*" ,
"matchCriteriaId" : "4DA56D35-93E9-4659-B180-2FD636A39BAB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193661" ,
"source" : "psirt@us.ibm.com" ,
"tags" : [
"VDB Entry" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20210409-0003/" ,
"source" : "psirt@us.ibm.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.ibm.com/support/pages/node/6427855" ,
"source" : "psirt@us.ibm.com" ,
"tags" : [
"Vendor Advisory"
]
}
]
}
