Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with WebSphere Remote Server (CVE-2014-0907)

2018-06-1507:00:33

www.ibm.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

IBM DB2 is shipped as a component of WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin.

Vulnerability Details

For vulnerability details, see the Local escalation of privilege vulnerability in IBM DB2 (CVE-2014-0907) document.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
WebSphere Remote Server version 6.1, 6.2, 6.2.1, 7.0, 7.1, 7.1.1, 7.1.2, 8.5 | IBM DB2 Workgroup Server Edition
9.1, 9.5, 9.7, 10.1

CPENameOperatorVersion
websphere remote servereq8.5
websphere remote servereq7.1.2
websphere remote servereq7.1.1
websphere remote servereq7.1
websphere remote servereq7.0
websphere remote servereq6.2.1
websphere remote servereq6.2
websphere remote servereq6.1

Name	Operator	Version
websphere remote server	eq	8.5
websphere remote server	eq	7.1.2
websphere remote server	eq	7.1.1
websphere remote server	eq	7.1
websphere remote server	eq	7.0
websphere remote server	eq	6.2.1
websphere remote server	eq	6.2
websphere remote server	eq	6.1