Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM345AFFDFC6599C3096744E47E48E98BE362640F33341D11CE0796BCB77B93E39
HistoryJun 28, 2019 - 9:25 p.m.

Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980, CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094)

2019-06-2821:25:02
www.ibm.com
12

EPSS

0.001

Percentile

32.2%

JSON

Summary

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Server is affected by multiple IBM Db2 vulnerabilities such as buffer overflow and loading binaries from an untrusted path. These Db2 vulnerabilities could allow execution of arbitrary code on the system or elevation of user privileges.

Vulnerability Details

CVEID: CVE-2018-1922 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152858&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1923 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152859&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1936 DESCRIPTION: IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153316&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1978 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154069&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1980 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154078&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4014 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155892&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4015 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893…
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155893&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4016 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155894&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2019-4094 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158014&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

These vulnerabilities affects the following IBM Spectrum Protect (formerly Tivoli Storage Manager) Server levels:

  • 8.1.0.0 through 8.1.7.xxx
  • 7.1.0.0 through 7.1.9.200

Remediation/Fixes

IBM Spectrum Protect
Server Release | First Fixing
VRM Level | Platform | Link to Fix
—|—|—|—
8.1 | 8.1.8 | AIX
Linux
Windows |

<https://www.ibm.com/support/docview.wss?uid=ibm10888463&gt;

7.1

|

7.1.9.300

| AIX
HP-UX
Linux
Solaris
Windows |

ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/server/

Workarounds and Mitigations

None

Related

nessus 3
ibm 16
cvelist 9
prion 9
nvd 9
cve 9
nessus
nessus
IBM Spectrum Protect 7.1.x < 7.1.9.300 / 8.1.x < 8.1.8 Multiple Vulnerabilities
2019-07-24 00:00:00
IBM DB2 9.7 < FP11 Special Build 38744 / 10.1 < FP6 Special Build 38745 / 10.5 < FP10 Special Build 38746 / 11.1 < M4FP5 Buffer Overflow Vulnerability (UNIX)
2019-07-12 00:00:00
IBM DB2 9.7 < FP11 Special Build 38744 / 10.1 < FP6 Special Build 38745 / 10.5 < FP10 Special Build 38746 / 11.1.4 < FP4a Special Build 38747 Buffer Overflow Vulnerability (Windows)
2019-07-12 00:00:00
ibm
ibm
Security Bulletin: One or more security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics (CVE-2018-1980,CVE-2019-4094,CVE-2018-1922,CVE-2018-1978,CVE-2018-1923,CVE-2019-4016,CVE-2019-4015)
2022-04-04 20:43:01
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with Predictive Maintenance and Quality
2019-04-10 14:35:01
Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product
2019-08-22 17:46:47
cvelist
cvelist
CVE-2018-1980
2019-03-11 22:00:00
CVE-2019-4014
2019-04-03 13:50:29
CVE-2019-4016
2019-03-11 22:00:00
prion
prion
Buffer overflow
2019-03-11 22:29:00
Buffer overflow
2019-03-11 22:29:00
Buffer overflow
2019-03-11 22:29:00
nvd
nvd
CVE-2018-1980
2019-03-11 22:29:00
CVE-2018-1923
2019-03-11 22:29:00
CVE-2019-4014
2019-04-03 14:29:00
cve
cve
CVE-2018-1980
2019-03-11 22:29:00
CVE-2018-1923
2019-03-11 22:29:00
CVE-2019-4016
2019-03-11 22:29:01

EPSS

0.001

Percentile

32.2%

JSON
Related for 345AFFDFC6599C3096744E47E48E98BE362640F33341D11CE0796BCB77B93E39
nessus3ibm16cvelist9prion9nvd9cve9