CVE-2019-4588

HIGH

IBM Db2 <11.5 - RCE

Title source: llm

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.

Scores

CVSS v3: 7.8
EPSS: 0.0012
EPSS Percentile: 30.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE: CWE-427
Status: published

Affected Products (5)

ibm/db2
ibm/db2
ibm/db2
ibm/db2
ibm/db2

Timeline

Published: May 26, 2021
Tracked Since: Feb 18, 2026