Arbitrary Code Execution via Object Injection in IBM Data Server Driver for JDBC and SQLJ
CVE-2017-1677 · MEDIUM Severity
CVSS vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin, which leads to object injection and potentially arbitrary code execution, depending on the classpath. IBM X-Force ID: 133999.
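For triage on a host that runs an affected driver, the following added example (not IBM's code and not part of the original advisory) inspects a file such as /tmp/connlicj.bin without deserializing it: it reports who owns the file, whether others can write to it, and which class names the Java serialization stream declares. The function names, the trusted-owner default and the expected class set are assumptions supplied by the operator, since the advisory does not list what a legitimate file contains; sample_stream builds constructed test input only.

```python
import os
import re
import stat
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization magic and version
NAME = re.compile(rb"\[*L?[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*;?")

def class_names(blob):
    """Class names declared in a Java serialization stream (heuristic byte scan)."""
    names, i = [], 0
    while i < len(blob) - 2:
        (n,) = struct.unpack_from(">H", blob, i + 1)
        name = blob[i + 3:i + 3 + n]
        # TC_CLASSDESC (0x72): 2-byte length, name, 8-byte serialVersionUID, flags byte
        if blob[i] == 0x72 and n and i + 12 + n <= len(blob) and NAME.fullmatch(name):
            names.append(name.decode("ascii"))
            i += 12 + n
        else:
            i += 1
    return names

def audit(path, expected_classes, trusted_uids=None):
    """Findings for a file a JDBC client would deserialize; an empty list is clean."""
    if trusted_uids is None:
        trusted_uids = (0, os.getuid())  # assumption: root or the client's account
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)  # refuse symlinks
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            return ["not a regular file"]
        blob = fh.read()
    findings = []
    if st.st_uid not in trusted_uids:
        findings.append(f"owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group- or world-writable")
    if not blob.startswith(STREAM_MAGIC):
        findings.append("not a Java serialization stream")
    extra = sorted(set(class_names(blob)) - set(expected_classes))
    if extra:
        findings.append("unexpected classes: " + ", ".join(extra))
    return findings

def sample_stream(*names):
    """Constructed input: stream header plus bare class descriptors, not a real file."""
    return STREAM_MAGIC + b"".join(
        b"sr" + struct.pack(">H", len(n)) + n.encode() + bytes(8) + b"\x02\x00\x00xp"
        for n in names)
```

The scan is a heuristic for triage rather than a full stream parser, so treat a clean result as the absence of obvious findings, not as proof the file is safe to load.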