What is CVE-2016-5995?

CVE-2016-5995 is a high-severity vulnerability in Hp Hp-ux, classified under CWE-264. CVSS score: 7.3/10. Published 2016-10-01.

How severe is CVE-2016-5995?

High severity. CVSS v3 base score is 7.3 out of 10.

Is CVE-2016-5995 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Hp Hp-ux

CVE-2016-5995

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgi…

EPSS: 0.001 (20.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Hp Hp-ux
Ibm Aix
Ibm Db2 — versions 9.7, 9.7.0.1, 9.7.0.2
Ibm Db2_connect — versions 9.7, 9.7.0.1, 9.7.0.2
Linux Linux_kernel
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

thdusdl1219/CVE-Study

References

IT17012 (Permissions Required, vendor-advisory, x_refsource_AIXAPAR)
IT16921 (vendor-advisory, x_refsource_AIXAPAR, Vendor Advisory)
1036837 (vdb-entry, x_refsource_SECTRACK)
93012 (vdb-entry, x_refsource_BID)
IT17010 (Permissions Required, vendor-advisory, x_refsource_AIXAPAR)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
IT17011 (Permissions Required, vendor-advisory, x_refsource_AIXAPAR)

Frequently asked questions

What is CVE-2016-5995?: CVE-2016-5995 is a high-severity vulnerability in Hp Hp-ux, classified under CWE-264. CVSS score: 7.3/10. Published 2016-10-01.
How severe is CVE-2016-5995?: High severity. CVSS v3 base score is 7.3 out of 10.
Is CVE-2016-5995 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.