IBM Security Bulletin: Information Disclosure vulnerability affects IBM® DB2® LUW (CVE-2017-1150)

When a table is renamed and a new table is created with the old name, users who had access to the old table may be able to access the new table.

CVE(s): CVE-2017-1150

Affected product(s) and affected version(s):

All fix pack levels of IBM DB2 V10.1, V10.5 and V11.1 editions listed below and running on AIX, Linux, HP, Solaris or Windows are affected:

IBM® DB2® Express Edition
IBM® DB2® Workgroup Server Edition
IBM® DB2® Enterprise Server Edition
IBM® DB2® Advanced Enterprise Server Edition
IBM® DB2® Advanced Workgroup Server Edition
IBM® DB2® Direct Advanced Edition
IBM® DB2® Direct Standard Edition
IBM® DB2® Connect™ Application Server Edition
IBM® DB2® Connect™ Enterprise Edition
IBM® DB2® Connect™ Unlimited Edition for System i®
IBM® DB2® Connect™ Unlimited Edition for System z®

The DB2 Connect products mentioned are affected only if a local database has been created.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2m4UONA
X-Force Database: http://ift.tt/2mAXK5w

The post IBM Security Bulletin: Information Disclosure vulnerability affects IBM® DB2® LUW (CVE-2017-1150) appeared first on IBM PSIRT Blog.


