Sep 20, 2018 9:00 am EDT
Categorized: High Severity
Share this post:
Db2 Administrative Task Scheduler (ATS) is vulnerable to a privilege escalation attack. A user with appropriate authorization can modify the contents of the control tables used by the ATS to permit unauthorized access to user data. Unauthorized access includes both access to authorizations held by other users as well as RCAC row permissions and column masks.
CVE(s): CVE-2018-1711
Affected product(s) and affected version(s):
All fix pack levels of IBM Db2 V9.7, V10.1, V10.5 and V11.1 editions on all platforms are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10729983
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/146369
from IBM Product Security Incident Response Team https://ift.tt/2pqwgzw
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.