Security Bulletin: IBM Informix Dynamic Server is affected by privilege escalation vulnerabilities

Summary IBM Informix Dynamic Server has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1630 DESCRIPTION: IBM Informix Dynamic Server v12.10 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link...

Security Bulletin: IBM Informix Dynamic Server is affected to denial of service due to FasterXML jackson-databind (CVE-2020-36518)

Summary There is a denial of service vulnerability in FasterXML jackson-databind CVE-2020-36518 open source library included in IBM Informix Dynamic Server for IBM InformixHQ. FasterXML jackson-databind 2.13.2.2 resolves the vulnerability. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION:...

Security Bulletin: IBM Informix Dynamic Server is vulnerable to denial of service (CVE-2021-45105) and remote code execution (CVE-2021-45046) due to Apache Log4j

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. IBM Informix Dynamic Server is vulnerable to denial of service CVE-2021-45105 and remote code execution CVE-2021-45046 due to Apache Log4j. The fix is included in Apac...

Security Bulletin: IBM Informix Dynamic Server in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Apache Log4j library CVE-2021-45105, CVE-2021-45046 is used to provide logging functionality for IBM Informix Dynamic Server in Cloud Pak for Data CP4D. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

Security Bulletin: IBM Informix Dynamic Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. The fix includes Apache Log4j 2.17.1. Customers are encouraged to take immediated action by applying the interim fix. Vulnerability Details CVEID: CVE-2021-4104...

Security Bulletin: IBM Informix Dynamic Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. Customers are encouraged to take action by applying the interim fix. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacke...

Security Bulletin: Vulnerability in OpenSSL affects Informix Dynamic Server and CSDK (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. Informix Dynamic Server uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when...

Security Bulletin: A vulnerability in the GSKit component of Informix Dynamic Server (IDS) (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit, component of Informix Dynamic Server IDS . Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this...

Security Bulletin: TLS padding vulnerability affects Informix Dynamic Server ( CVE-2014-8730)

Summary IBM Informix Dynamic Server can be affected by a TLS Transport Layer Security padding vulnerability which can allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Informix Dynamic Server. CVEID: CVE-2014-8730 DESCRIPTION: I...

IBM Informix Dynamic Server 14.10.x < 14.10.xC5 Buffer Overflow (6448568)

The version of IBM Informix Dynamic Server installed on the remote is 14.10.x prior to 14.10.xC5. It is, therefore, affected by a buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of...

CVE-2021-20515

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366...

CVE-2021-20515

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366...

Stack overflow

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366...

CVE-2021-20515

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366...

CVE-2021-20515

CVE-2021-20515 affects IBM Informix Dynamic Server 14.10 and describes a stack-based buffer overflow caused by improper bounds checking. A locally privileged user could overflow a buffer and execute arbitrary code or cause a denial of service. IBM’s Security Bulletin lists 14.10.xC5 as the fix ve...

IBM Informix Dynamic Server Buffer Overflow Vulnerability (CNVD-2021-32619)

IBM Informix Dynamic Server is a scalable object-relational database server from IBM in the United States that provides clustered data centers with features such as continuous data availability and disaster recovery. A buffer overflow vulnerability exists in IBM Informix Dynamic Server that stems...

IBM Informix Dynamic Server 缓冲区错误漏洞

IBM Informix Dynamic Server is a scalable object-relational database server from IBM in the United States that provides clustered data centers with features such as continuous data availability and disaster recovery. A buffer overflow vulnerability exists in IBM Informix Dynamic Server that stems...

The vulnerability of the Informix Spatial DataBlade module of the IBM Informix Dynamic Server (IDS) database management system allows attackers to enhance their privileges.

The vulnerability of the Informix Spatial DataBlade module of the IBM Informix Dynamic Server IDS database management system lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow attackers to increase their privileges...

Vulnerability fixed in IBM Informix

IBM has fixed a vulnerability in Informix. A local malicious party could potentially exploit the vulnerability to execute arbitrary code under the privileges of the informix user. IBM has released updates to fix the vulnerability in Informix Dynamic Server. For more information, see:...

IBM Informix Dynamic Server Privilege License and Access Control Issues Vulnerability (CNVD-2019-29425)

IBM Informix Dynamic Server IDS is a scalable object-relational database server from IBM in the United States that provides continuous data availability and disaster recovery, among other features, for clustered data centers. IBM Informix Dynamic Server suffers from a Privilege Permission and...