CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1802
https://notcve.org/view.php?id=CVE-2018-1802
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640. En IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1, los binarios cargaban librerías compartidas de una ruta no fiable, dando a un usuario de bajos privilegios acceso total a la cuenta de la instancia DB2 cargando una librería compartida maliciosa. IBM X-Force ID: 149640. • http://www.ibm.com/support/docview.wss?uid=ibm10733122 http://www.securityfocus.com/bid/105962 http://www.securitytracker.com/id/1042082 https://exchange.xforce.ibmcloud.com/vulnerabilities/149640 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1781
https://notcve.org/view.php?id=CVE-2018-1781
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un usuario local obtenga acceso root explotando un ataque de enlace simbólico para leer/escribir/corromper un archivo al que no se tenía permiso de acceso originalmente. IBM X-Force ID: 148804. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 http://www.securityfocus.com/bid/105885 http://www.securitytracker.com/id/1042086 https://exchange.xforce.ibmcloud.com/vulnerabilities/148804 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1799
https://notcve.org/view.php?id=CVE-2018-1799
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un usuario local no privilegiado sobrescriba archivos en el sistema, lo que podría provocar daños en la base de datos. IBM X-Force ID: 149429. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 http://www.securityfocus.com/bid/105885 http://www.securitytracker.com/id/1042086 https://exchange.xforce.ibmcloud.com/vulnerabilities/149429 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1834
https://notcve.org/view.php?id=CVE-2018-1834
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podría permitir a un usuario local escalar sus privilegios a root a través de un ataque de enlace simbólico. IBM X-Force ID: 150511. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 http://www.securityfocus.com/bid/105885 http://www.securitytracker.com/id/1042086 https://exchange.xforce.ibmcloud.com/vulnerabilities/150511 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1685
https://notcve.org/view.php?id=CVE-2018-1685
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 contiene una vulnerabilidad en db2cacpy que podría permitir que un usuario local lea cualquier archivo en el sistema. IBM X-Force ID: 145502. • http://www.securityfocus.com/bid/105395 http://www.securitytracker.com/id/1041671 https://exchange.xforce.ibmcloud.com/vulnerabilities/145502 https://www.ibm.com/support/docview.wss?uid=ibm10729979 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •