CVE-2018-1781

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Information

Published : 2018-11-08 17:29

Updated : 2019-10-09 16:39


NVD link : CVE-2018-1781

Mitre link : CVE-2018-1781


JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

ibm

  • db2

microsoft

  • windows

linux

  • linux_kernel