CVE-2007-4275

3 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 82.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedAug 18

Latest updateMay 1

Description

Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/db2_universal_database8.0+1

Patches

Patch: secunia.com ↗Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-fmrj-qgrx-g82j: Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9↗2022-05-01

▶

CVEList

CVE-2007-4275: Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9↗2007-08-18

▶