CVE-2017-1150
LOWIBM DB2 10.1 10.5 11.1 - Authenticated Improper Privilege Management
Title source: llmDescription
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037946
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96597
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21999515
Scores
CVSS v3
3.1
EPSS
0.0016
EPSS Percentile
36.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-269
Status
published
Products (6)
ibm/db2
10.1 (6 CPE variants)
ibm/db2
10.5 (6 CPE variants)
ibm/db2
11.1 (6 CPE variants)
IBM Corporation/DB2 for Linux, UNIX and Windows
10.1
IBM Corporation/DB2 for Linux, UNIX and Windows
10.5
IBM Corporation/DB2 for Linux, UNIX and Windows
11.1
Published
Mar 08, 2017
Tracked Since
Feb 18, 2026