CVE-2017-1105

moderate-risk
Published 2017-06-27

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10 High
LOCAL / LOW complexity

Affected Products (20)

Data Server Client
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2
Db2 Connect
Db2 Connect
Db2 Connect
Db2 Connect
Data Server Driver For Odbc And Cli
Data Server Driver Package
Data Server Runtime Client
Db2
Db2

Affected Vendors

Ibm

References (8)

Patch http://www.ibm.com/support/docview.wss?uid=swg22003877
Third Party Advisory http://www.securityfocus.com/bid/99264
http://www.securitytracker.com/id/1038773
Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/120668
Patch http://www.ibm.com/support/docview.wss?uid=swg22003877
Third Party Advisory http://www.securityfocus.com/bid/99264
http://www.securitytracker.com/id/1038773
Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/120668
45
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 0/34 · Minimal
Exposure 23/34 · High