Main Vulnerability Database Vulnerabilities #VU16208

Privilege escalation in IBM DB2 - CVE-2018-1711

Published: November 28, 2018 / Updated: December 3, 2018

Vulnerability identifier: #VU16208

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1711

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM DB2

Detailed vulnerability description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target system.

The vulnerability exists due to unspecified flaw. A local attacker can modify the contents of the control tables used by the ATS to permit unauthorized access to authorizations held by other users as well as RCAC row permissions and column masks.

How to mitigate CVE-2018-1711

Install update from vendor's website.

Sources

https://www-01.ibm.com/support/docview.wss?uid=ibm10729983

Privilege escalation in IBM DB2 - CVE-2018-1711

Detailed vulnerability description

How to mitigate CVE-2018-1711

Sources

Please verify you're human