CVE-2018-1802

Sažetak

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640.

Reference

http://www.ibm.com/support/docview.wss?uid=ibm10733122
http://www.securityfocus.com/bid/105962
http://www.securitytracker.com/id/1042082
https://exchange.xforce.ibmcloud.com/vulnerabilities/149640

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2019 - 23:39

Objavljeno

09-11-2018 - 01:29