CVE-2017-1439

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
ibmdb2
9.7
ibmdb2
9.7.0.1
ibmdb2
9.7.0.2
ibmdb2
9.7.0.3
ibmdb2
9.7.0.4
ibmdb2
9.7.0.5
ibmdb2
9.7.0.6
ibmdb2
9.7.0.7
ibmdb2
9.7.0.8
ibmdb2
9.7.0.9
ibmdb2
9.7.0.9:a
ibmdb2
9.7.0.10
ibmdb2
9.7.0.11
ibmdb2
10.1
ibmdb2
10.1.0.1
ibmdb2
10.1.0.2
ibmdb2
10.1.0.3
ibmdb2
10.1.0.4
ibmdb2
10.1.0.5
ibmdb2
10.5
ibmdb2
10.5.0.1
ibmdb2
10.5.0.2
ibmdb2
10.5.0.3
ibmdb2
10.5.0.3:a
ibmdb2
10.5.0.4
ibmdb2
10.5.0.5
ibmdb2
10.5.0.6
ibmdb2
10.5.0.7
ibmdb2
11.1.0.0
ibmdb2_connect
9.7
ibmdb2_connect
9.7.0.1
ibmdb2_connect
9.7.0.2
ibmdb2_connect
9.7.0.3
ibmdb2_connect
9.7.0.4
ibmdb2_connect
9.7.0.5
ibmdb2_connect
9.7.0.6
ibmdb2_connect
9.7.0.7
ibmdb2_connect
9.7.0.8
ibmdb2_connect
9.7.0.9
ibmdb2_connect
9.7.0.10
ibmdb2_connect
9.7.0.11
ibmdb2_connect
10.1
ibmdb2_connect
10.1.0.1
ibmdb2_connect
10.1.0.2
ibmdb2_connect
10.1.0.3
ibmdb2_connect
10.1.0.4
ibmdb2_connect
10.1.0.5
ibmdb2_connect
10.5
ibmdb2_connect
10.5.0.1
ibmdb2_connect
10.5.0.2
ibmdb2_connect
10.5.0.3
ibmdb2_connect
10.5.0.4
ibmdb2_connect
10.5.0.5
ibmdb2_connect
10.5.0.6
ibmdb2_connect
10.5.0.7
ibmdb2_connect
11.1.0.0
𝑥
= Vulnerable software versions
References
http://www.ibm.com/support/docview.wss?uid=swg22006061
http://www.securityfocus.com/bid/100690
http://www.securitytracker.com/id/1039301
https://exchange.xforce.ibmcloud.com/vulnerabilities/128058
http://www.ibm.com/support/docview.wss?uid=swg22006061
http://www.securityfocus.com/bid/100690
http://www.securitytracker.com/id/1039301
https://exchange.xforce.ibmcloud.com/vulnerabilities/128058