3 matches found
Security Bulletin: Privilege escalation in IBM® Db2® tool db2cacpy (CVE-2018-1685).
Summary A vulnerability exists in db2cacpy which could expose sensitive information to user. Vulnerability Details CVEID: CVE-2018-1685 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server contains a vulnerability in db2cacpy that could allow a local user to read any file ...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM Maximo Asset Management (CVE-2018-1710, CVE-2018-1685, CVE-2018-1711)
Summary IBM DB2 is shipped as a component of IBM Maximo Asset Management. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2018-1710 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server...
CVE-2018-1685
CVE-2018-1685 affects IBM Db2 for Linux/UNIX/Windows (including DB2 Connect Server) and its db2cacpy component. A local user could read arbitrary files on the system due to a privilege/escalation flaw in db2cacpy. Affected versions span Db2 9.7, 10.1, 10.5, and 11.1 across Unix-like platforms; Wi...