← back
CVE-2018-1426

CVE-2018-1426

CVSS 7.4 HIGHEPSS 2.5%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.4EPSS 2.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Mar 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
CVSS:3.0/A:N/AC:H/AV:N/C:H/I:H/PR:N/S:U/UI:N
Affected products
IBM · DB2 for Linux, UNIX and Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/139071http://www.ibm.com/support/docview.wss?uid=swg22013756http://www.securityfocus.com/bid/105580http://www.securitytracker.com/id/1041012