PT-2018-13772 · Ibm · Ibm Db2

Eddie Zhu

Published

2018-09-21

Updated

2021-01-30

CVE-2018-1685

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1

Description The issue allows a local user to read any file on the system due to a vulnerability in db2cacpy. There are reports of analysis and exploitation of a similar vulnerability that could allow an attacker to read arbitrary files, although specific details of this case are not publicly known.

Recommendations For IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-1685

Affected Products

Ibm Db2

PT-2018-13772 · Ibm · Ibm Db2

CVE-2018-1685

Weakness Enumeration

Related Identifiers

Affected Products

References · 7