CVE-2020-4387: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information…

medium4.7CVSS 3.1

AVLACHPRLUINSUCHINAN

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

Affected

10 ranges

Vendor	Product	Version range	Fixed in
ibm	db2	—	—
ibm	db2	—	—
ibm	db2	—	—
ibm	db2	—	—
ibm	db2	—	—
ibm	db2_for_linux_unix_and_windows	—	—
ibm	db2_for_linux_unix_and_windows	—	—
ibm	db2_for_linux_unix_and_windows	—	—
ibm	db2_for_linux_unix_and_windows	—	—
ibm	db2_for_linux_unix_and_windows	—	—