Lucene search

IbmCVE-2018-1922

HistoryMar 11, 2019 - 10:29 p.m.

CVE-2018-1922

2019-03-1122:29:00

CWE-119

ibm

web.nvd.nist.gov

ibm

db2

linux

unix

windows

buffer overflow

vulnerability

arbitrary code execution

nvd

cve-2018-1922

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.

Affected configurations

Nvd

Vulners

Node

ibmdb2Match9.7

ibmdb2Match10.1

ibmdb2Match10.5

ibmdb2Match11.1

AND

linuxlinux_kernelMatch-

Node

ibmdb2Match9.7

ibmdb2Match10.1

ibmdb2Match10.5

ibmdb2Match11.1

AND

microsoftwindowsMatch-

VendorProductVersionCPE
ibmdb29.7cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
ibmdb210.1cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
ibmdb210.5cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
ibmdb211.1cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.7	cpe:2.3:a:ibm:db2:9.7:::::::*
ibm	db2	10.1	cpe:2.3:a:ibm:db2:10.1:::::::*
ibm	db2	10.5	cpe:2.3:a:ibm:db2:10.5:::::::*
ibm	db2	11.1	cpe:2.3:a:ibm:db2:11.1:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "product": "DB2 for Linux, UNIX and Windows",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.5"
      },
      {
        "status": "affected",
        "version": "10.1"
      },
      {
        "status": "affected",
        "version": "9.7"
      },
      {
        "status": "affected",
        "version": "11.1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107398

exchange.xforce.ibmcloud.com/vulnerabilities/152858

www.ibm.com/support/docview.wss?uid=ibm10740413

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

Related for CVE-2018-1922