Описание
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
8.4 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 8.4
github
больше 2 лет назад
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
EPSS
Процентиль: 8%
0.00029
Низкий
8.4 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-269