Jul 28, 2021 8:06 pm EDT
Categorized: High Severity
IBM Db2 on Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Affected product(s) and affected version(s):
All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on Windows are affected.
Linux/Unix platforms are not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6446219
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/188149