History: Jul 18, 2020 - 11:17 p.m.

Security Bulletin: BigInsights is affected by multiple vulnerabilities in Db2

2020-07-18 23:17:55
www.ibm.com

EPSS: 0.005
Percentile: 76.3%

Summary

BigInsights is affected by multiple vulnerabilities in Db2

Vulnerability Details

CVEID: CVE-2017-1105
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2017-1134
DESCRIPTION: IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1297
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-1434
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server), under unusual circumstances, could expose highly sensitive information in the error log to a local user.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127806 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-1438
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128057 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1439
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128058 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1451
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128178 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1452
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128180 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1519
DESCRIPTION: IBM Db2 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server set up with a particular configuration.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129829 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-1520
DESCRIPTION: IBM Db2 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129830 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM BigInsights: 4.2, 4.2.5

Remediation/Fixes

Please contact technical support to obtain fix and install instructions.

Workarounds and Mitigations

None
