CVE-2017-1677

HIGH

IBM DB2 for Linux, UNIX and Windows <11.1 - Code Injection

Title source: llm

Description

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.

References (4)

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg22012896

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103422

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/133999

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041227

Scores

CVSS v3 7.4

EPSS 0.0017

EPSS Percentile 37.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (4)

ibm/db2

ibm/db2

ibm/db2

ibm/db2

Timeline

Published Mar 22, 2018

Tracked Since Feb 18, 2026