Nov 30, 2020 7:00 pm EST
Categorized: High Severity
Share this post:
IBM DB2 on Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Affected product(s) and affected version(s):
All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on Windows are affected. Linux and Unix are not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6370023