CVE-2018-1802

Description

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640.

CVSS breakdown

CVSS 3.0

Availability

High

Attack Complexity

Low

Attack Vector

Local

Confidentiality

High

Integrity

High

Privileges Required

None

Scope

Unchanged

User Interaction

None

Unchanged

Changed

Affected products

ibm / Db2 for Linux, UNIX and Windows10.5 – 10.5
ibm / Db2 for Linux, UNIX and Windows10.1 – 10.1
ibm / Db2 for Linux, UNIX and Windows9.7 – 9.7
ibm / Db2 for Linux, UNIX and Windows11.1 – 11.1

References

MISChttp://www.securityfocus.com/bid/105962
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/149640
MISChttp://www.securitytracker.com/id/1042082
MISChttp://www.ibm.com/support/docview.wss?uid=ibm10733122