CVE-2018-1857Sensitive Information Exposure in IBM DB2

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
CNA4.8
EPSS
0.4%
top 41.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedNov 9
Latest updateMay 13

Description

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDibm/db211.1

🔴Vulnerability Details

2
GHSA
GHSA-qr43-6cvj-wfv7: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 112022-05-13
CVEList
CVE-2018-1857: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 112018-11-09
CVE-2018-1857 — Sensitive Information Exposure in IBM | cvebase