CVE-2019-4094
HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - Uncontrolled Search Path Element
Title source: llm
Description
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path, potentially giving a low-privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.
References (2)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=ibm10875860
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/158014
Scores
CVSS v3
7.8
EPSS
0.0041
EPSS Percentile
32.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (4)
ibm/db2 9.7
ibm/db2 10.1
ibm/db2 10.5
ibm/db2 11.1
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026