Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCC20F8EF4B1BA5F5692A35E71BA7F079876665C2D30A7466BED8573EBC3614AB
HistoryJan 15, 2020 - 1:09 a.m.

Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2019-4558)

2020-01-1501:09:10
www.ibm.com
5

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

Db2 LUW is affected by a vulnerability in IBM® Spectrum Scale Version 5.0.x and 4.2.x that is used by Db2® pureScale™ Feature on AIX and Linux. IBM Spectrum Scale is previously known as General Parallel File System (GPFS).

Vulnerability Details

CVEID:CVE-2019-4558
**DESCRIPTION:**A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166282 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

All fix pack levels of IBM Db2 V11.1 and V11.5 editions running on AIX and Linux are affected, and only for those customers who have Db2® pureScale™ Feature installed.

IBM Db2 V10.5 is not affected

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this vulnerability.

FIX:

Customers running any vulnerable fix pack level of an affected Program, V11.1 and 11.5, can contact IBM technical support to obtain the GPFS eFix. Before installing the GPFS eFix, the Db2 level might need to be upgraded to the level that includes the supported GPFS level. Do not attempt to upgrade GPFS by any other means. The table below lists the Db2 releases, the prerequisite that needs to be installed first and the GPFS eFix to request from IBM technical support. DB2 Release Obtain following GPFS eFix from IBM technical support

11.1

|

4.2.3.17 eFix 1

11.5

|

5.0.2.3 eFix 35

The GPFS eFix install instructions are available here:<http://www-01.ibm.com/support/docview.wss?uid=swg27048484&gt;

Workarounds and Mitigations

None

Related

cve 1
ibm 3
symantec 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2019-4558
2019-10-09 16:15:16
ibm
ibm
Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected where the local attacker can obtain root privilege by injecting parameters into setuid files (CVE-2019-4558)
2019-12-23 08:44:55
Security Bulletin: IBM Storwize V7000 Unified is affected by vulnerability in GPFS (CVE-2019-4558)
2020-05-20 12:51:23
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the local attacker can obtain root privilege by injecting parameters into setuid files (CVE-2019-4558)
2019-10-07 14:35:20
symantec
symantec
IBM Spectrum Scale CVE-2019-4558 Local Privilege Escalation Vulnerability
2019-12-18 00:00:00
prion
prion
Security feature bypass
2019-10-09 16:15:00
cvelist
cvelist
CVE-2019-4558
2019-10-07 00:00:00
nvd
nvd
CVE-2019-4558
2019-10-09 16:15:16

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CC20F8EF4B1BA5F5692A35E71BA7F079876665C2D30A7466BED8573EBC3614AB
cve1ibm3symantec1prion1cvelist1nvd1