CVE-2014-4805

low

Published 2014-09-04 · Modified 2026-05-06

CVSS v3

—

CVSS v2

2.1

VIR risk

2.1

Description

IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761

OS impact

OS	Version	Status	Fixed in
linux-kernel		not-affected

Application impact

Vendor	Product	Versions
ibm	db2	`10.5`
ibm	db2	`10.5.0.1`
ibm	db2	`10.5.0.2`
ibm	db2	`10.5.0.3`

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761
http://www-01.ibm.com/support/docview.wss?uid=swg21681723
http://www.securitytracker.com/id/1030806
https://exchange.xforce.ibmcloud.com/vulnerabilities/95307
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03761
http://www-01.ibm.com/support/docview.wss?uid=swg21681723
http://www.securitytracker.com/id/1030806
https://exchange.xforce.ibmcloud.com/vulnerabilities/95307

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.