Security Bulletin: IBM Db2 High Performance Unload is affected by - Buffer Overflow in --credential keystore vulnerability

Summary

IBM Db2 High Performance Unload has addressed the following vulnerability:Buffer Overflow in --credential keystore

Vulnerability Details

CVEID: CVE-2019-4523 DESCRIPTION: IBM DB2 High Performance Unload is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165481&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Db2 High Performance Unload load for LUW 6.5

Db2 High Performance Unload load for LUW 6.1

Remediation/Fixes

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information Management&product=ibm/Information+Management/Optim+High+Performance+Unload+for+DB2+Linux+UNIX+and+Windows&release=6.5&platform=All&function=all

InfoSphere Optim High Performance Unload for DB2 for Linux- UNIX and Windows | Had been fixed in Interim Fix 6.1.0.3.6(6.1.0.3 IF6) | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information Management&amp;product=ibm/Information+Management/Optim+High+Performance+Unload+for+DB2+Linux+UNIX+and+Windows&amp;release=6.1.0.3&amp;platform=All&amp;function=all

Workarounds and Mitigations

N/A