Arbitrary Code Execution Vulnerability in IBM DB2

Arbitrary Code Execution Vulnerability in IBM DB2

CVE-2019-4057 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.