High Severity

Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)

IBM Db2 on Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Affected product(s) and affected version(s):

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on Windows are affected. Linux and Unix are not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6370023
