Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM04594FA873F46EB213D01BFF22ADE4302283227D2551DF741D0692B8077AF4DD
HistoryJan 09, 2020 - 8:32 p.m.

Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1783).

2020-01-0920:32:53
www.ibm.com
7

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary

Db2 LUW is affected by a vulnerability in IBM® Spectrum Scale Version 4.1.x and 4.2.x that is used by Db2® pureScale™ Feature on AIX and Linux. IBM Spectrum Scale is previously known as General Parallel File System (GPFS).

Vulnerability Details

CVEID:CVE-2018-1783
**DESCRIPTION:**IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148806 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

All fix pack levels of IBM Db2 V10.5 and V11.1 editions running on AIX and Linux are affected, and only for those customers who have Db2® pureScale™ Feature installed. Db2 V11.5 is not affected.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this vulnerability.

FIX:

Customers running any vulnerable fixpack level of an affected program, V10.5 or V11.1, can contact IBM technical support to obtain the GPFS eFix. Before installing the GPFS eFix, the Db2 level might need to be upgraded to the level that includes the supported GPFS level. Do not attempt to upgrade GPFS by any other means. The table below lists the Db2 releases, the prerequisite that needs to be installed first and the GPFS efix to request from IBM technical support. Db2 Release Obtain following GPFS efix from IBM technical support
10.5 4.1.1.17 efix 9
11.1 4.2.3.17 efix 1

The GPFS efix install instructions are available here:<http://www-01.ibm.com/support/docview.wss?uid=swg27048484&gt;

Workarounds and Mitigations

None

Related

prion 1
ibm 6
cve 1
nvd 1
cvelist 1
prion
prion
Command injection
2018-10-05 13:29:00
ibm
ibm
Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1783) for Power on Linux
2019-05-31 18:25:01
Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1783)
2019-04-15 11:40:01
Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1783)
2018-11-27 18:05:01
cve
cve
CVE-2018-1783
2018-10-05 13:29:09
nvd
nvd
CVE-2018-1783
2018-10-05 13:29:09
cvelist
cvelist
CVE-2018-1783
2018-10-05 13:00:00

0.0004 Low

EPSS

Percentile

12.6%

JSON
Related for 04594FA873F46EB213D01BFF22ADE4302283227D2551DF741D0692B8077AF4DD
prion1ibm6cve1nvd1cvelist1