IBM Security Bulletin: IBM® Db2®’s RCAC rules are not being enforced by CTAS sub-select statements (CVE-2018-1857).
Nov 7, 2018 8:02 am EST
Categorized: Medium Severity
Db2’s Row and Column Access Control (RCAC) rules are not enforced when a table is created using a CREATE TABLE AS (CTAS) sub-select statement. RCAC is not enforced when Db2 uses the ‘WITH DATA’ clause to select and insert data into the target table.
CVE(s): CVE-2018-1857
Affected product(s) and affected version(s):
All fix pack levels of IBM Db2 V11.1 editions on all platforms are affected.
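One way to scope exposure on a V11.1 database while remediation is scheduled, added here as an example that is not part of the IBM bulletin: the queries below list the tables that rely on RCAC and the grantees who hold both SELECT on such a table and table-creation authority. They assume the standard Db2 catalog views SYSCAT.TABLES, SYSCAT.CONTROLS, SYSCAT.TABAUTH and SYSCAT.DBAUTH, and they see only explicit grants.

```sql
-- Added example (not from the bulletin): exposure inventory for CVE-2018-1857.
-- Run while connected to the database, as a user allowed to read the catalog.

-- 1. Tables with RCAC activated, with the row permissions and column masks
--    defined on them. These are the tables whose rules a CTAS copy would skip.
SELECT t.TABSCHEMA,
       t.TABNAME,
       t.CONTROL,         -- R = row access control, C = column, B = both
       c.CONTROLNAME,
       c.CONTROLTYPE,     -- R = row permission, C = column mask
       c.ENABLE           -- Y = the permission or mask is enabled
FROM   SYSCAT.TABLES t
LEFT JOIN SYSCAT.CONTROLS c
       ON  c.TABSCHEMA = t.TABSCHEMA
       AND c.TABNAME   = t.TABNAME
WHERE  t.CONTROL IN ('R', 'C', 'B')
ORDER  BY t.TABSCHEMA, t.TABNAME, c.CONTROLNAME;

-- 2. Grantees holding SELECT on an RCAC-protected table who can also create
--    tables in this database, either through their own CREATETAB grant or
--    through one made to PUBLIC.
--    Limits: group and role membership is not expanded, and authority that
--    comes implicitly from DBADM or similar is not listed. The result is a
--    starting set for review, not a complete list.
SELECT DISTINCT
       t.TABSCHEMA,
       t.TABNAME,
       a.GRANTEE,
       a.GRANTEETYPE,     -- U = user, G = group, R = role
       d.GRANTEE AS CREATETAB_VIA
FROM   SYSCAT.TABLES t
JOIN   SYSCAT.TABAUTH a
       ON  a.TABSCHEMA = t.TABSCHEMA
       AND a.TABNAME   = t.TABNAME
JOIN   SYSCAT.DBAUTH d
       ON  (d.GRANTEE = a.GRANTEE AND d.GRANTEETYPE = a.GRANTEETYPE)
       OR  d.GRANTEE = 'PUBLIC'
WHERE  t.CONTROL IN ('R', 'C', 'B')
  AND  a.SELECTAUTH IN ('Y', 'G')   -- G = held with GRANT option
  AND  d.CREATETABAUTH = 'Y'
ORDER  BY t.TABSCHEMA, t.TABNAME, a.GRANTEE;
```

An empty result from the first query means no table in the database depends on RCAC, so the bulletin's condition cannot affect data there.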
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10734059
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151155
from IBM Product Security Incident Response Team https://ift.tt/2AS1YfI