Security Bulletin: Privilege escalation in IBM® Db2® tool db2cacpy (CVE-2018-1685).

Summary A vulnerability exists in db2cacpy which could expose sensitive information to user. Vulnerability Details CVEID: CVE-2018-1685 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server contains a vulnerability in db2cacpy that could allow a local user to read any file ...

CVE-2018-1685

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502...

CVE-2018-1685

CVE-2018-1685 affects IBM Db2 for Linux/UNIX/Windows (including DB2 Connect Server) and its db2cacpy component. A local user could read arbitrary files on the system due to a privilege/escalation flaw in db2cacpy. Affected versions span Db2 9.7, 10.1, 10.5, and 11.1 across Unix-like platforms; Wi...

IBM DB2 Information Disclosure Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in db2cacpy in IBM DB2 including DB2 Connect Server based on Linux,...