Main Vulnerability Database Vulnerabilities #VU16208

#VU16208 Privilege escalation in IBM DB2 - CVE-2018-1711

Published: November 28, 2018 / Updated: December 3, 2018

Vulnerability identifier: #VU16208

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1711

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
IBM DB2

Software vendor:
IBM Corporation

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target system.

The vulnerability exists due to unspecified flaw. A local attacker can modify the contents of the control tables used by the ATS to permit unauthorized access to authorizations held by other users as well as RCAC row permissions and column masks.

Remediation

Install update from vendor's website.

External links

https://www-01.ibm.com/support/docview.wss?uid=ibm10729983

#VU16208 Privilege escalation in IBM DB2 - CVE-2018-1711

Description

Remediation

External links

Please verify you're human