CVE-2019-4606

CWE-4263 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 61.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 High Performance Unload Load FOR LUW IBM DB2 High Performance Unload Load

Timeline

PublishedDec 12

Latest updateMay 24

Description

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/db2_high_performance_unload_load7 versions+6

▶CVEListV5ibm/db2_high_performance_unload_load_for_luw6.1, 6.5+1

🔴Vulnerability Details

GHSA

GHSA-g2fc-4mpm-58fg: IBM DB2 High Performance Unload load for LUW 6↗2022-05-24

▶

CVEList

CVE-2019-4606: IBM DB2 High Performance Unload load for LUW 6↗2019-12-12

▶