IBM Security Bulletin: IBM® Db2® is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT (CVE-2017-1520)
When the authentication type is CLIENT, a user without proper authority can activate the database. The database becomes activated, but authentication is still required to proceed any further, so this does not allow unauthorized access to the database. This issue applies to the application side.
CVE(s): CVE-2017-1520
Affected product(s) and affected version(s):
All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 editions on all platforms are affected.
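A triage check for the two conditions the bulletin names (a listed release and a CLIENT authentication type), as an added example that is not part of the IBM bulletin. It reads the text printed by `db2 get dbm cfg` and `db2level`; the function names, result labels and sample text are constructed for illustration, and also checking SRVCON_AUTH alongside AUTHENTICATION is an assumption made here, not something the bulletin states.

```shell
#!/bin/sh
# Added example: flag instances that match the bulletin's conditions.
# Constructed sample of `db2 get dbm cfg` output (relevant lines only).
SAMPLE_CFG=' Database manager authentication        (AUTHENTICATION) = CLIENT
 Server connection authentication          (SRVCON_AUTH) = NOT_SPECIFIED
 Trust all clients                      (TRUST_ALLCLNTS) = YES'
# Constructed sample of the informational-token line of `db2level` output.
SAMPLE_LEVEL='Informational tokens are "DB2 v10.5.0.8", "s160901", "IP23993", and Fix Pack "8".'

# cfg_value KEYWORD TEXT: print the value assigned to "(KEYWORD)" in dbm cfg output.
cfg_value() {
    printf '%s\n' "$2" |
        sed -n "s/^.*($1)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p" |
        head -n 1
}

# db2_release TEXT: print major.minor (for example 10.5) from db2level output.
db2_release() {
    printf '%s\n' "$1" |
        sed -n 's/.*"DB2 v\([0-9][0-9]*\.[0-9][0-9]*\)\..*/\1/p' |
        head -n 1
}

# triage CFG_TEXT LEVEL_TEXT: print one result line.
#   REVIEW             listed release and an authentication parameter set to CLIENT
#   NOT_CLIENT         listed release, neither parameter set to CLIENT
#   RELEASE_NOT_LISTED release is not one of those named in the bulletin
triage() {
    auth=$(cfg_value AUTHENTICATION "$1")
    srvcon=$(cfg_value SRVCON_AUTH "$1")
    rel=$(db2_release "$2")
    case "$rel" in
        9.7|10.1|10.5|11.1) ;;   # releases listed as affected in the bulletin
        *) echo "RELEASE_NOT_LISTED release=${rel:-unknown}"; return 0 ;;
    esac
    if [ "$auth" = "CLIENT" ] || [ "$srvcon" = "CLIENT" ]; then
        echo "REVIEW release=$rel AUTHENTICATION=$auth SRVCON_AUTH=$srvcon"
    else
        echo "NOT_CLIENT release=$rel AUTHENTICATION=$auth SRVCON_AUTH=$srvcon"
    fi
}

# On a Db2 host, as the instance owner: triage "$(db2 get dbm cfg)" "$(db2level)"
triage "$SAMPLE_CFG" "$SAMPLE_LEVEL"
```

A REVIEW result means the instance matches the bulletin's stated conditions and should be checked against the remediation in the source bulletin; it does not confirm whether a fix has already been applied.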
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wgz0QU
X-Force Database: http://ift.tt/2wQiwmf
The post IBM Security Bulletin: IBM® Db2® is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT (CVE-2017-1520) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2wgEXx9