
Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700, 7710 and IBM PureData System for Operational Analytics are affected by an IBM DB2 ALTER TABLE vulnerability (CVE-2014-6159)

Published: 2019-10-18 03:50:04
Source: www.ibm.com

CVSS2: 3.5 Low

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Summary

The IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700, 7710 and IBM PureData System for Operational Analytics ship with either IBM DB2 Version 9.7 or Version 10.1. IBM DB2 contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally when AUTO_REVAL is set to IMMEDIATE. This could result in a DB2 server crash; if so, the server would need to be restarted.

Vulnerability Details

**CVE ID:** CVE-2014-6159
**DESCRIPTION:**
IBM DB2 contains a disruption of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability when DB2 is configured with immediate auto revalidation (i.e. the AUTO_REVAL configuration parameter is set to IMMEDIATE). The user would need valid security credentials to connect to the database and would need to execute specially crafted ALTER TABLE statements (that require control privileges on the target table). Note: the AUTO_REVAL configuration parameter is set to DEFERRED by default.

**CVSS:**
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97708 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:C)

Affected Products and Versions

IBM InfoSphere Balanced Warehouse C3000
IBM InfoSphere Balanced Warehouse C4000
IBM Smart Analytics System 1050
IBM Smart Analytics System 2050
IBM Smart Analytics System 5600
IBM Smart Analytics System 5710
IBM Smart Analytics System 7600
IBM Smart Analytics System 7700
IBM Smart Analytics System 7710
IBM PureData System for Operational Analytics A1791

Remediation/Fixes

Find your IBM InfoSphere Balanced Warehouse, IBM Smart Analytics System, or IBM PureData System for Operational Analytics product in the table below and contact IBM Support with an APAR number to request a special build containing an interim fix.

For more information about IBM IDs, see the Help and FAQ.

| Product | Affected Component | APAR | Download Link |
|---|---|---|---|
| IBM InfoSphere Balanced Warehouse C3000; IBM InfoSphere Balanced Warehouse C4000; IBM Smart Analytics System 1050; IBM Smart Analytics System 2050 | DB2 V9.7 | IT05105 | DB2 V9.7 FP10 |
| IBM Smart Analytics System 5600 V1; IBM Smart Analytics System 5600 V2 | DB2 V9.7 | IT05105 | DB2 V9.7 FP10 |
| | DB2 V10.1 | IT05074 | Contact IBM Support to obtain the fix. |
| IBM Smart Analytics System 5600 V3 | DB2 V9.7 | IT05105 | Contact IBM Support to obtain the fix. |
| | DB2 V10.1 | IT05074 | Contact IBM Support to obtain the fix. |
| IBM Smart Analytics System 5710; IBM Smart Analytics System 7600 | DB2 V9.7 | IT05105 | DB2 V9.7 FP10 |
| IBM Smart Analytics System 7700 | DB2 V9.7 | IT05105 | Contact IBM Support to obtain the fix. |
| | DB2 V10.1 | IT05074 | Contact IBM Support to obtain the fix. |
| IBM Smart Analytics System 7710 | DB2 V9.7 | IT05105 | Contact IBM Support to obtain the fix. |
| IBM PureData System for Operational Analytics A1791 | DB2 V10.1 | IT05074 | Contact IBM Support to obtain the fix. |
| | DB2 V10.5 | IT04730 | Contact IBM Support to obtain the fix. |

Additional Information (identical for every row): Security Bulletin: IBM DB2 LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally when AUTO_REVAL is set to IMMEDIATE (CVE-2014-6159)
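
To decide which databases need the interim fix first, an administrator can check whether the precondition named in the bulletin (AUTO_REVAL set to IMMEDIATE) holds and which APAR from the table above matches the installed DB2 release. The following is an added example, not IBM's tooling: the function names are hypothetical, the APAR mapping is copied from the table, and the sample `db2 get db cfg` listing is constructed with an assumed line layout.

```python
import re

# APAR to request per DB2 release, copied from the bulletin's remediation table.
APAR_BY_RELEASE = {"9.7": "IT05105", "10.1": "IT05074", "10.5": "IT04730"}

# Constructed sample (not captured from a real system); the line layout of
# `db2 get db cfg` output is an assumption of this example.
SAMPLE_DB_CFG = """\
 Database territory                                      = US
 Auto-Revalidation                          (AUTO_REVAL) = IMMEDIATE
 Decimal floating point rounding mode  (DECFLT_ROUNDING) = ROUND_HALF_EVEN
"""

_PARAM_LINE = re.compile(r"\(([A-Z0-9_]+)\)\s*=\s*(\S+)")


def parse_db_cfg(text):
    """Map each '(PARAM) = value' line of the listing to PARAM -> value."""
    cfg = {}
    for line in text.splitlines():
        match = _PARAM_LINE.search(line)
        if match:
            cfg[match.group(1)] = match.group(2).upper()
    return cfg


def triage(db_cfg_text, db2_version):
    """Report whether the bulletin's precondition holds and which APAR applies.

    precondition_met is None when AUTO_REVAL is absent from the listing, so a
    truncated or unreadable listing is never reported as unaffected.
    """
    auto_reval = parse_db_cfg(db_cfg_text).get("AUTO_REVAL")
    release = ".".join(db2_version.strip().split(".")[:2])  # "10.1.0.4" -> "10.1"
    return {
        "auto_reval": auto_reval,
        "precondition_met": None if auto_reval is None else auto_reval == "IMMEDIATE",
        "apar": APAR_BY_RELEASE.get(release),  # None: release not in the table
    }


if __name__ == "__main__":
    print(triage(SAMPLE_DB_CFG, "10.1.0.4"))
```

A result of `precondition_met: False` only means the setting is not IMMEDIATE at the time of the check; the fix itself is still the APAR build listed in the table.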

For assistance, contact IBM Support:
