Vulnerability Details : CVE-2018-1515
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.
Vulnerability category: OverflowGain privilege
Products affected by CVE-2018-1515
- cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
Exploit prediction scoring system (EPSS) score for CVE-2018-1515
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1515
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST | |
7.4
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
1.4
|
5.9
|
IBM Corporation |
CWE ids for CVE-2018-1515
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1515
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/141624
IBM DB2 buffer overflow CVE-2018-1515 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www.securitytracker.com/id/1040969
IBM DB2 Buffer Overflow in db2convert Lets Local Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.ibm.com/support/docview.wss?uid=swg22016140
IBM Security Bulletin: Buffer overflow in the db2convert tool shipped with IBM® Db2® (CVE-2018-1515).Vendor Advisory
Jump to