CVE-2018-1487

Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.

Affected Software

VendorProductVersion RangeStatus
IBMDB2 for Linux, UNIX and Windows10.5affected
IBMDB2 for Linux, UNIX and Windows10.1affected
IBMDB2 for Linux, UNIX and Windows9.7affected
IBMDB2 for Linux, UNIX and Windows11.1affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References