Description
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
CVSS breakdown
CVSS 3.0
Availability
High
Attack Complexity
Low
Attack Vector
Local
Confidentiality
High
Integrity
High
Privileges Required
None
Scope
Unchanged
User Interaction
None
E
Unchanged
RC
Changed
RL
O
Affected products
- ibm / Db2 for Linux, UNIX and Windows10.5 – 10.5
- ibm / Db2 for Linux, UNIX and Windows10.1 – 10.1
- ibm / Db2 for Linux, UNIX and Windows9.7 – 9.7
- ibm / Db2 for Linux, UNIX and Windows11.1 – 11.1