CVE-2014-0907IBM DB2 vulnerability

3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 77.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedMay 30
Latest updateMay 17

Description

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDibm/db218 versions+17

🔴Vulnerability Details

2
GHSA
GHSA-7qh2-9387-24m4: Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 92022-05-17
CVEList
CVE-2014-0907: Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 92014-05-30
CVE-2014-0907 — IBM DB2 vulnerability | cvebase