PT-2018-13772 · Ibm · Ibm Db2
Eddie Zhu
·
Publicado
2018-09-21
·
Atualizado
2021-01-30
·
CVE-2018-1685
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1
Description
The issue allows a local user to read any file on the system due to a vulnerability in db2cacpy. There are reports of analysis and exploitation of a similar vulnerability that could allow an attacker to read arbitrary files, although specific details of this case are not publicly known.
Recommendations
For IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Db2