Virsec Security Research Lab

CVE-2020-4701 IBM DB2 (Stack Based Buffer Overflow)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with root privileges.

CVE-2020-4701

CVSS Score

The CVSS Base score of this vulnerability is 8.4 High (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Version

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5

Vulnerability Attribution

Unknown

Risk Impact

IBM positions this database product as “the AI Database” that empowers intelligent businesses with multi-modal management. Machine learning algorithms help to provide significantly faster query speeds; they are used to score queries and provide confidence-based results for faster insights. IBM DB2 is used by very sophisticated enterprises in the financial and insurance sectors, such as JP Morgan Chase, Morgan Stanley, TSYS, and Geico. A public exploit is not available.

Virsec Security Platform (VSP) Support

The Virsec Security Platform's VSP-Mem, running on the server, can protect against malicious code running on the attacked server. VSP-Host can prevent file-based and fileless malware from running.
