CVE-2020-4701 IBM DB2 (Stack Based Buffer Overflow)
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with root privileges.
The CVSS base score of this vulnerability is 8.4 (High), with vector CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5
IBM positions this database product as “the AI Database” that empowers intelligent businesses with multi-modal management. Machine learning algorithms help to provide significantly faster query speeds, and are used to score queries and provide confidence-based results for faster insights. IBM DB2 is used by very sophisticated enterprises in the financial and insurance sectors, such as JP Morgan Chase, Morgan Stanley, TSYS and Geico. A public exploit is not available.
Virsec Security Platform (VSP) Support
The Virsec Security Platform (VSP)-Mem running on the server can protect against malicious code running on the attacked server. VSP-Host can prevent malicious files and fileless malware from running.