The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of DB2 LUW

computer vulnerability alert CVE-2019-4094

IBM DB2: privilege escalation via Shared Libraries Loading

Synthesis of the vulnerability

An attacker can bypass restrictions via Shared Libraries Loading of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 13/03/2019.
Identifiers: CVE-2019-4094, ibm10875860, VIGILANCE-VUL-28736.

Description of the vulnerability

An attacker can bypass restrictions via Shared Libraries Loading of IBM DB2, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-1922 CVE-2018-1923 CVE-2018-1978

IBM DB2: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM DB2.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 6.
Creation date: 08/03/2019.
Identifiers: CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016, ibm10740413, VIGILANCE-VUL-28691.

Description of the vulnerability

An attacker can use several vulnerabilities of IBM DB2.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-1977

IBM DB2: denial of service via TRUNCATE System Z

Synthesis of the vulnerability

An attacker can generate a fatal error via TRUNCATE System Z of IBM DB2, in order to trigger a denial of service.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 17/12/2018.
Identifiers: CVE-2018-1977, ibm10788089, VIGILANCE-VUL-28035.

Description of the vulnerability

An attacker can generate a fatal error via TRUNCATE System Z of IBM DB2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-1723

IBM DB2 LUW: file reading via IBM Spectrum Scale

Synthesis of the vulnerability

A local attacker can read a file via IBM Spectrum Scale of IBM DB2 LUW, in order to obtain sensitive information.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 28/11/2018.
Identifiers: CVE-2018-1723, ibm10734067, VIGILANCE-VUL-27899.

Description of the vulnerability

A local attacker can read a file via IBM Spectrum Scale of IBM DB2 LUW, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-1897

IBM DB2: buffer overflow via db2pdcfg

Synthesis of the vulnerability

An attacker can generate a buffer overflow via db2pdcfg of IBM DB2, in order to trigger a denial of service, and possibly to run code.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 28/11/2018.
Identifiers: CVE-2018-1897, ibm10737295, ibm10793417, VIGILANCE-VUL-27898.

Description of the vulnerability

An attacker can generate a buffer overflow via db2pdcfg of IBM DB2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-1780 CVE-2018-1781 CVE-2018-1799

IBM DB2: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM DB2.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: administrator access/rights, data reading, data creation/edition, data deletion.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 06/11/2018.
Identifiers: CVE-2018-1780, CVE-2018-1781, CVE-2018-1799, CVE-2018-1834, ibm10733939, ibm10793415, VIGILANCE-VUL-27704.

Description of the vulnerability

An attacker can use several vulnerabilities of IBM DB2.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1802

IBM DB2: privilege escalation via Untrusted Loaded Libraries

Synthesis of the vulnerability

An attacker can bypass restrictions via Untrusted Loaded Libraries of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 06/11/2018.
Identifiers: CVE-2018-1802, ibm10733122, VIGILANCE-VUL-27703.

Description of the vulnerability

An attacker can bypass restrictions via Untrusted Loaded Libraries of IBM DB2, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1857

IBM DB2: privilege escalation via RCAC

Synthesis of the vulnerability

An attacker can bypass restrictions via RCAC of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 06/11/2018.
Identifiers: CVE-2018-1857, ibm10734059, VIGILANCE-VUL-27702.

Description of the vulnerability

An attacker can bypass restrictions via RCAC of IBM DB2, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-1711

IBM DB2: privilege escalation via Administrative Task Scheduler

Synthesis of the vulnerability

An attacker can bypass restrictions via Administrative Task Scheduler of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 19/09/2018.
Identifiers: CVE-2018-1711, ibm10729983, ibm10733605, VIGILANCE-VUL-27261.

Description of the vulnerability

An attacker can bypass restrictions via Administrative Task Scheduler of IBM DB2, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-1685

IBM DB2: file reading via db2cacpy

Synthesis of the vulnerability

A local attacker can read a file via db2cacpy of IBM DB2, in order to obtain sensitive information.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/09/2018.
Identifiers: CVE-2018-1685, ibm10729979, VIGILANCE-VUL-27260.

Description of the vulnerability

A local attacker can read a file via db2cacpy of IBM DB2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about DB2 LUW: