Vulnerability Details: CVE-2017-1150
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.
Products affected by CVE-2017-1150
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_enterprise:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_workgroup:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:workgroup:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:advanced_enterprise:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1150
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 26%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1150
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST | |
3.1 | LOW | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.6 | 1.4 | NIST | |
CWE ids for CVE-2017-1150
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1150
- http://www.ibm.com/support/docview.wss?uid=swg21999515
  IBM Security Bulletin: Information Disclosure vulnerability affects IBM® DB2® LUW (CVE-2017-1150) (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/96597
  Multiple IBM DB2 Products CVE-2017-1150 Information Disclosure Vulnerability
- http://www.securitytracker.com/id/1037946
  IBM DB2 Remote Authenticated Users Bypass Table Access Controls in Certain Cases - SecurityTracker