CVE-2017-1451

Name of the Vulnerable Software and Affected Versions IBM DB2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, and 11.1 IBM DB2 Connect Server versions 9.7, 10.1, 10.5, and 11.1

Description The issue is related to insufficient access control in IBM DB2 database management systems, including IBM DB2 Connect Server. This could allow a local user with DB2 instance owner privileges to gain root access.

Recommendations For IBM DB2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, and 11.1, consider restricting access to the DB2 instance to minimize the risk of exploitation. For IBM DB2 Connect Server versions 9.7, 10.1, 10.5, and 11.1, restrict access to the Connect Server to prevent potential abuse. At the moment, there is no information about a newer version that contains a fix for this vulnerability.