CVE-2018-1426 Information
Share on:
Feb 14, 2021
cve
Description
IBM GSKit (IBM DB2 for Linux UNIX and Windows 9.7 10.1 10.5 and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Reference
http://www.ibm.com/support/docview.wss?uid=swg22013756 http://www.securityfocus.com/bid/105580 http://www.securitytracker.com/id/1041012 https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
NONE
Base Severity
9.1