Db2 is affected by multiple file overwrite vulnerabilities. An unprivileged user can overwrite arbitrary files by creating a symlink that points to a file owned by the Db2 instance account.
CVE(s): CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452
Affected product(s) and affected version(s):
All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 editions on all platforms except Windows are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22016181
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140045
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140044
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140046
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140047
The post IBM Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2IFsf6t
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.