3 matches found
Security Bulletin: IBM® Db2® is affected by multiple privilege escalation vulnerabilities (CVE-2018-1799, CVE-2018-1780, CVE-2018-1781, CVE-2018-1834).
Summary Db2 is vulnerable to privilege escalation by exploiting multiple symbolic link attacks, which could allow the Db2 instance owner or DAS owner to obtain root access. Vulnerability Details CVEID: CVE-2018-1799 DESCRIPTION: IBM DB2 could allow a local unprivileged user to overwrite files on...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM Maximo Asset Management
Summary IBM DB2 is shipped as a component of IBM Maximo Asset Management. Information about security vulnerabilities affecting IBM DB2 have been published in security bulletins. Vulnerability Details CVEID: CVE-2018-1857 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server...
CVE-2018-1780
CVE-2018-1780 affects IBM DB2 for Linux, UNIX and Windows (incl. DB2 Connect Server) on 9.7, 10.1, 10.5 and 11.1. The issue allows a local db2 instance owner to obtain root access by exploiting a symbolic link to read/write/corrupt a file they shouldn’t access. The vulnerability is a local privil...