CVE-2019-4448

Severity
7.8 HIGH
EPSS
0.0%
top 87.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 26
Latest update: May 24

Description

In IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2, the db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow a low-privileged user to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 2 packages

Patches

Vulnerability Details

2
GHSA
GHSA-7jf9-rwmj-r483: IBM DB2 High Performance Unload load for LUW 6 (2022-05-24)
CVEList
CVE-2019-4448: IBM DB2 High Performance Unload load for LUW 6 (2019-08-26)