19 matches found
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by vulnerabilities in zlib (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843).
Summary IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server is affected by vulnerabilities in zlib. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to...
Security Bulletin: Security vulnerability in IBM Business Process Manager shipped with IBM SmartCloud Orchestrator and IBM Cloud Orchestrator (CVE-2014-8730)
Summary IBM Business Process Manager and DB2 Enterprise Server Edition are shipped as components of IBM SmartCloud Orchestrator and IBM Cloud Orchestrator. Information about a security vulnerability CVE-2014-8730 affecting both IBM Business Process Manager and IBM DB2 has been published in a...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Content Collector for SAP Applications (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Content Collector for SAP Applications. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION:The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...
Security Bulletin: Privilege escalation vulnerability affects IBM® DB2® LUW (CVE-2017-1134)
Summary DB2 LUW is affected by a vulnerability in IBM Tivoli System Automation for Multiplatforms TSAMP. Vulnerability Details A privilege escalation vulnerability affects IBM Reliable Scalable Cluster Technology shipped with IBM Tivoli System Automation for Multiplatforms. CVEID: CVE-2017-1134...
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS.
Summary DB2 LUW is affected by multiple vulnerabilities in IBM® General Parallel File System, Version 3.5 and 4.1.1 that is used by DB2® pureScale™ Feature on AIX and Linux. Vulnerability Details CVEID: CVE-2016-0263 DESCRIPTION: IBM General Parallel File System could allow a local user under...
Security Bulletin: Vulnerabilty in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463)
Summary IBM DB2 for LUW bundles a XMLC library that is affected by CVE-2016-0729. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially crafted statement. This may cause the DB2 server to terminate abnormally or execute arbitary code. Vulnerability Details CVE-I...
Security Bulletin: Vulnerabilities in the GSKit component of IBM® DB2® LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421)
Summary Vulnerabilities have been addressed in the GSKit component of IBM DB2 LUW. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM® DB2® LUW (CVE-2015-7575)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6.0 and 7.0 that is used by DB2 LUW. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The T...
Security Bulletin: Vulnerabilities in GPFS affect IBM® DB2® LUW on AIX and Linux (CVE-2015-4974, CVE-2015-4981 & CVE-2015-7403)
Summary DB2 LUW is affected by multiple vulnerabilities in IBM® General Parallel File System, Version V3.5 that is used by DB2® pureScale™ Feature on AIX and Linux. Vulnerability Details CVEID: CVE-2015-4974 DESCRIPTION: IBM General Parallel File System could allow a local non privileged attacker...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® DB2® LUW (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DB2 LUW. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a...
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-1788)
Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit and IBM Tivoli Flash Copy Manager. IBM DB2 LUW uses GSKit & IBM Tivoli Flash Copy Manager and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerab...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM® DB2® LUW on HP-UX and Solaris (CVE-2015-0383)
Summary There is vulnerability in IBM® SDK Java™ Technology Edition, Version 6.0 SR14, 7.0 SR5 and 7.0 SR6 that is used by DB2 LUW on HP-UX and Solaris. These issues was disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0383 DESCRIPTION: An...
Security Bulletin: IBM® DB2® LUW contains a bypass security vulnerability in its Data Movement feature (CVE-2015-1922)
Summary IBM DB2 LUW contains a bypass security vulnerability in its Data Movement feature. Vulnerability Details CVEID: CVE-2015-1922 DESCRIPTION: IBM DB2 contains a bypass security vulnerability. DB2 Data Movement feature does not perform sufficient privilege checking which allows a user with...
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in scalar functions (CVE-2015-0157)
Summary IBM DB2 LUW contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SQL statement with the vulnerable scalar functions. This could result in a DB2 server crash; if so, the server would need to be...
Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM® DB2® LUW. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: IBM® DB2® LUW is affected by the JSON-C vulnerability (CVE-2013-6371)
Summary IBM® DB2® LUW is affected by a denial of service vulnerability in JavaScript Object Notation JSON-C, caused by an error in the hash function during string parsing. A remote, unauthorized user could exploit this vulnerability to consume all available CPU resources. Vulnerability Details CV...
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094)
Summary IBM DB2 is vulnerable to a stack buffer overflow, caused by improper bounds checking in the handling of the ALTER MODULE statement. Vulnerability Details CVE ID: CVE-2014-3094 DESCRIPTION: DB2 is vulnerable to a stack buffer overflow attack, caused by improper bounds checking in the...
IBM DB2 LUW Denial of Service Vulnerability (CNVD-2016-02177)
IBM DB2 LUW is a set of U.S. IBM's relational database management system running in the LUW Linux, UNIX and Windows platform. A security vulnerability exists in IBM DB2 LUW. A remote attacker can exploit this vulnerability to cause a denial of service service interruption with the help of a...
Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory XML file disclosure vulnerability via GETWRAPCFGC and GETWRAPCFGC2 system stored procedures. Risk Level: Medium Affected versions: IBM DB2 LUW 9.1, 9.5, 9.7, 10.1 Remote exploitable: No Credits: This...