Korean
<< Back
VID 25264
Severity 40
Port 523
Protocol TCP
Class DB
Detailed Description According to its version, the installation of IBM DB2 running on the remote host is either 10.1 prior to fix pack 6 Special Build 37313. It is, therefore, affected by a local privilege escalation vulnerability in the DB2 JDBC driver.

* References:
http://www-01.ibm.com/support/docview.wss?uid=swg22012896
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-performs-unsafe-deserialization-in-db2-jdbc-driver-cve-2017-1677/

* Platforms Affected:
IBM DB2 UDB versions before 10.1 Fix Pack 6
Windows system Any version
Recommendation Apply the latest IBM DB2 Universal Database Fix Pack (10.1 Fix Pack 6 or later), available from the IBM Support & downloads Web site at
https://www-01.ibm.com/support/docview.wss?uid=swg22012896
Related URL CVE-2017-1677 (CVE)
Related URL 103422 (SecurityFocus)
Related URL (ISS)