CVE-2018-1710

Description

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.

CVSS breakdown

CVSS 3.0

Availability

High

Attack Complexity

Low

Attack Vector

Local

Confidentiality

High

Integrity

High

Privileges Required

None

Scope

Unchanged

User Interaction

None

Unchanged

Changed

Affected products

ibm / Db2 for Linux, UNIX and Windows10.5 – 10.5
ibm / Db2 for Linux, UNIX and Windows10.1 – 10.1
ibm / Db2 for Linux, UNIX and Windows11.1 – 11.1

References

MISChttps://www.ibm.com/support/docview.wss?uid=ibm10729981
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/146364
MISChttp://www.securityfocus.com/bid/105391
VENDOR_ADVISORYhttps://usn.ubuntu.com/3906-2/