The vulnerability of IBM DB2 database management systems, including IBM DB2 Connect (and IBM DB2 Connect servers), is related to deficiencies in access control. This allows attackers to obtain elevated privileges.

🗓️ 28 Sep 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

DB2 database access control flaws enable local attackers to gain privileges and modify formatted files.

Reporter	Title	Published	Views	Family All 14
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM Predictive Maintenance and Quality	15 Jun 201823:49	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products	17 Jun 201815:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files. (CVE-2017-1452)	11 Jul 201819:23	–	ibm
IBM Security Bulletins	Security Bulletin: BigInsights is affected by multiple vulnerabilities in Db2	18 Jul 202023:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple DB2 vulnerabilities affect IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1434, CVE-2017-1438, CVE-2017-1439, CVE-2017-1451, CVE-2017-1452)	17 Jun 201815:49	–	ibm
CNVD	IBM DB2 and DB2 Connect Server for Linux, UNIX and Windows Elevation of Privilege Vulnerability	11 Sep 201700:00	–	cnvd
CVE	CVE-2017-1452	12 Sep 201721:00	–	cve
Cvelist	CVE-2017-1452	12 Sep 201721:00	–	cvelist
Tenable Nessus	IBM DB2 9.7 < FP11 Special Build 36826 / 10.1 < FP6 Special Build 36827 / 10.5 < FP8 Special Build 36828 / 11.1.2.2 < FP2 Special Build 36792 Multiple Vulnerabilities (UNIX)	15 Sep 201700:00	–	nessus
EUVD	EUVD-2017-10468	7 Oct 202500:30	–	euvd

Vulners

Node

ibm ibm_db2Match10.5.0.5

ibm ibm_db2Match10.5.0.4

ibm ibm_db2Match10.5.0.3

ibm ibm_db2Match10.5.0.2

ibm ibm_db2Match10.5.0.7

ibm ibm_db2Match10.5.0.6

ibm ibm_db2Match10.5.0.1

ibm ibm_db2Match9.7

ibm ibm_db2Match9.7.0.9a

ibm ibm_db2Match10.1

ibm ibm_db2Match10.5

ibm ibm_db2Match10.1.0.2

ibm ibm_db2Match10.1.0.3

ibm ibm_db2Match10.1.0.4

ibm ibm_db2Match10.1.0.5

ibm ibm_db2Match10.1.0.1

ibm ibm_db2Match11.1.0.0

ibm ibm_db2Match9.7.0.1

ibm ibm_db2Match9.7.0.7

ibm ibm_db2Match9.7.0.6

ibm ibm_db2Match9.7.0.9

ibm ibm_db2Match9.7.0.8

ibm ibm_db2Match9.7.0.11

ibm ibm_db2Match9.7.0.10

ibm ibm_db2Match9.7.0.3

ibm ibm_db2Match9.7.0.2

ibm ibm_db2Match9.7.0.5

ibm ibm_db2Match9.7.0.4

ibm ibm_db2Match10.5.0.3a

ibm ibm_db2_connectMatch10.5.0.5

ibm ibm_db2_connectMatch10.5.0.2

ibm ibm_db2_connectMatch10.5.0.3

ibm ibm_db2_connectMatch10.5.0.1

ibm ibm_db2_connectMatch10.5.0.4

ibm ibm_db2_connectMatch10.5.0.6

ibm ibm_db2_connectMatch10.5.0.7

ibm ibm_db2_connectMatch9.7.0.4

ibm ibm_db2_connectMatch9.7.0.7

ibm ibm_db2_connectMatch9.7.0.9

ibm ibm_db2_connectMatch9.7.0.6

ibm ibm_db2_connectMatch9.7.0.3

ibm ibm_db2_connectMatch9.7.0.8

ibm ibm_db2_connectMatch9.7.0.5

ibm ibm_db2_connectMatch9.7.0.2

ibm ibm_db2_connectMatch9.7.0.10

ibm ibm_db2_connectMatch9.7.0.11

ibm ibm_db2_connectMatch10.1.0.2

ibm ibm_db2_connectMatch10.1.0.5

ibm ibm_db2_connectMatch10.1.0.3

ibm ibm_db2_connectMatch10.1.0.4

ibm ibm_db2_connectMatch10.5

ibm ibm_db2_connectMatch9.7

ibm ibm_db2_connectMatch9.7.0.1

ibm ibm_db2_connectMatch11.1.0.0

ibm ibm_db2_connectMatch10.1

ibm ibm_db2_connectMatch10.1.0.1

Source	Link
ibm	www.ibm.com/support/docview.wss
securityfocus	www.securityfocus.com/bid/100698
securitytracker	www.securitytracker.com/id/1039299
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/128180
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 27.2

EPSS0.00059