CVE-2017-1452 : IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Conn

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.

Published 2017-09-12 21:29:01

Updated 2019-10-03 00:03:26

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2017-1452

IBM » DB2 » Version: 9.7
cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.1
cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.2
cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.3
cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.4
cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.5
cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.6
cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.1
cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.8
cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.9
cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.7
cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5.0.1
cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5.0.2
cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.1.0.2
cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.1.0.3
cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.1.0.1
cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5.0.3
cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.9 Update A
cpe:2.3:a:ibm:db2:9.7.0.9:a:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5.0.3 Update A
cpe:2.3:a:ibm:db2:10.5.0.3:a:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.1.0.4
cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5.0.5
cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5.0.4
cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5.0.7
cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.5.0.6
cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 10.1.0.5
cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.11
cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 9.7.0.10
cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » DB2 » Version: 11.1.0.0
cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.1
cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7
cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.5
cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.7
cpe:2.3:a:ibm:db2_connect:9.7.0.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.8
cpe:2.3:a:ibm:db2_connect:9.7.0.8:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.3
cpe:2.3:a:ibm:db2_connect:9.7.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.4
cpe:2.3:a:ibm:db2_connect:9.7.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.1
cpe:2.3:a:ibm:db2_connect:9.7.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.2
cpe:2.3:a:ibm:db2_connect:9.7.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.9
cpe:2.3:a:ibm:db2_connect:9.7.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.5
cpe:2.3:a:ibm:db2_connect:9.7.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.6
cpe:2.3:a:ibm:db2_connect:9.7.0.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.5.0.1
cpe:2.3:a:ibm:db2_connect:10.5.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.5.0.2
cpe:2.3:a:ibm:db2_connect:10.5.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.1.0.3
cpe:2.3:a:ibm:db2_connect:10.1.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.1.0.1
cpe:2.3:a:ibm:db2_connect:10.1.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.1.0.2
cpe:2.3:a:ibm:db2_connect:10.1.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.1.0.5
cpe:2.3:a:ibm:db2_connect:10.1.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.5.0.6
cpe:2.3:a:ibm:db2_connect:10.5.0.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 11.1.0.0
cpe:2.3:a:ibm:db2_connect:11.1.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.5.0.3
cpe:2.3:a:ibm:db2_connect:10.5.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.5.0.4
cpe:2.3:a:ibm:db2_connect:10.5.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.5.0.5
cpe:2.3:a:ibm:db2_connect:10.5.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.1.0.4
cpe:2.3:a:ibm:db2_connect:10.1.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 10.5.0.7
cpe:2.3:a:ibm:db2_connect:10.5.0.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.10
cpe:2.3:a:ibm:db2_connect:9.7.0.10:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Connect » Version: 9.7.0.11
cpe:2.3:a:ibm:db2_connect:9.7.0.11:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-1452

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-1452

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-1452

https://exchange.xforce.ibmcloud.com/vulnerabilities/128180

IBM DB2 privilege escalation CVE-2017-1452 Vulnerability Report
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22006109

IBM Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files. (CVE-2017-1452)
Patch;Vendor Advisory
http://www.securityfocus.com/bid/100698

IBM DB2 CVE-2017-1452 Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1039299

IBM DB2 Lets Local Users Gain Elevated Privileges and Overwrite DB2 Files - SecurityTracker
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-1452

Products affected by CVE-2017-1452

Exploit prediction scoring system (EPSS) score for CVE-2017-1452

CVSS scores for CVE-2017-1452

References for CVE-2017-1452