CVE-2018-1710

Published Sep 21, 2018

Last updated 6 years ago

CVSS high 7.8

Overview

Description: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References