Wednesday, May 23, 2018

IBM Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452)

Db2 is affected by multiple file overwrite vulnerabilities. An unprivileged user can overwrite arbitrary files by creating a symlink that points to a file owned by the Db2 instance account.

CVE(s): CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452

Affected product(s) and affected version(s):

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 editions on all platforms except Windows are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22016181
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140045
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140044
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140046
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140047

The post IBM Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2IFsf6t

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.