PT-2018-12771 · Ibm · Db2

Rich Mirch · Published 2018-07-10 · Updated 2019-10-09 · CVE-2018-1487

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1

Description

The issue allows low privilege users to potentially gain full access to the DB2 instance account by loading a malicious shared library, as the binaries load shared libraries from an untrusted path.

Recommendations

For versions 9.7, 10.1, 10.5, and 11.1, consider restricting access to the shared library loading mechanism to prevent malicious library loading until a patch is available. As a temporary workaround, restrict the ability of low privilege users to load shared libraries from untrusted paths.

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2018-1487

Affected Products

Db2