| VID |
25266 |
| Severity |
40 |
| Port |
523 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
According to its version, the installation of IBM DB2 running on the remote host is either 11.1.3 prior to fix pack 3. It is, therefore, affected by a local privilege escalation vulnerability in the DB2 JDBC driver.
* References:
http://www-01.ibm.com/support/docview.wss?uid=swg22012896
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-performs-unsafe-deserialization-in-db2-jdbc-driver-cve-2017-1677/
* Platforms Affected:
IBM DB2 UDB versions before 11.1.3 Fix Pack 3
Windows system Any version |
| Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (11.1.3 Fix Pack 3 or later), available from the IBM Support & downloads Web site at
https://www-01.ibm.com/support/docview.wss?uid=swg22012896 |
| Related URL |
CVE-2017-1677 (CVE) |
| Related URL |
103422 (SecurityFocus) |
| Related URL |
(ISS) |
|
