14 matches found
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by vulnerabilities in zlib (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843).
Summary IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server is affected by vulnerabilities in zlib. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Content Collector for SAP Applications (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Content Collector for SAP Applications. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION:The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...
Security Bulletin: Privilege escalation vulnerability affects IBM® DB2® LUW (CVE-2017-1134)
Summary DB2 LUW is affected by a vulnerability in IBM Tivoli System Automation for Multiplatforms TSAMP. Vulnerability Details A privilege escalation vulnerability affects IBM Reliable Scalable Cluster Technology shipped with IBM Tivoli System Automation for Multiplatforms. CVEID: CVE-2017-1134...
Security Bulletin: Vulnerabilty in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463)
Summary IBM DB2 for LUW bundles a XMLC library that is affected by CVE-2016-0729. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially crafted statement. This may cause the DB2 server to terminate abnormally or execute arbitary code. Vulnerability Details CVE-I...
Security Bulletin: Vulnerabilities in the GSKit component of IBM® DB2® LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421)
Summary Vulnerabilities have been addressed in the GSKit component of IBM DB2 LUW. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM® DB2® LUW (CVE-2015-7575)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6.0 and 7.0 that is used by DB2 LUW. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The T...
Security Bulletin: Vulnerabilities in GPFS affect IBM® DB2® LUW on AIX and Linux (CVE-2015-4974, CVE-2015-4981 & CVE-2015-7403)
Summary DB2 LUW is affected by multiple vulnerabilities in IBM® General Parallel File System, Version V3.5 that is used by DB2® pureScale™ Feature on AIX and Linux. Vulnerability Details CVEID: CVE-2015-4974 DESCRIPTION: IBM General Parallel File System could allow a local non privileged attacker...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® DB2® LUW (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DB2 LUW. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a...
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-1788)
Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit and IBM Tivoli Flash Copy Manager. IBM DB2 LUW uses GSKit & IBM Tivoli Flash Copy Manager and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerab...
Security Bulletin: IBM® DB2® LUW contains a bypass security vulnerability in its Data Movement feature (CVE-2015-1922)
Summary IBM DB2 LUW contains a bypass security vulnerability in its Data Movement feature. Vulnerability Details CVEID: CVE-2015-1922 DESCRIPTION: IBM DB2 contains a bypass security vulnerability. DB2 Data Movement feature does not perform sufficient privilege checking which allows a user with...
Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM® DB2® LUW. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: IBM® DB2® LUW is affected by the JSON-C vulnerability (CVE-2013-6371)
Summary IBM® DB2® LUW is affected by a denial of service vulnerability in JavaScript Object Notation JSON-C, caused by an error in the hash function during string parsing. A remote, unauthorized user could exploit this vulnerability to consume all available CPU resources. Vulnerability Details CV...
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094)
Summary IBM DB2 is vulnerable to a stack buffer overflow, caused by improper bounds checking in the handling of the ALTER MODULE statement. Vulnerability Details CVE ID: CVE-2014-3094 DESCRIPTION: DB2 is vulnerable to a stack buffer overflow attack, caused by improper bounds checking in the...
Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory XML file disclosure vulnerability via GETWRAPCFGC and GETWRAPCFGC2 system stored procedures. Risk Level: Medium Affected versions: IBM DB2 LUW 9.1, 9.5, 9.7, 10.1 Remote exploitable: No Credits: This...