The IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700, 7710 and IBM PureData System for Operational Analytics ship with either IBM DB2 Version 9.7 or Version 10.1. IBM DB2 contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally when AUTO_REVAL is set to IMMEDIATE. This could result in a DB2 server crash; if so, the server would need to be restarted.
**CVE ID:** CVE-2014-6159
**DESCRIPTION:**
IBM DB2 contains a disruption of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability when DB2 is configured with immediate auto revalidation (i.e. the AUTO_REVAL configuration parameter is set to IMMEDIATE). The user would need valid security credentials to connect to the database and would need to execute specially crafted ALTER TABLE statements (which require control privileges on the target table). Note: the AUTO_REVAL configuration parameter is set to DEFERRED by default.
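To check whether a database meets the configuration precondition described above, the following added example (not part of the IBM bulletin) classifies the AUTO_REVAL value found in the text printed by `db2 get db cfg for <dbname>`. The sample configuration text is constructed, and its line layout is an assumption about the CLP output format; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether AUTO_REVAL is set to IMMEDIATE, the
# configuration precondition named in the bulletin for CVE-2014-6159.

# Constructed sample of `db2 get db cfg` output (layout is an assumption).
SAMPLE_CFG=' Database configuration for database SAMPLE

 Decimal floating point rounding mode  (DECFLT_ROUNDING) = ROUND_HALF_EVEN
 Auto-Revalidation                          (AUTO_REVAL) = IMMEDIATE
 Currently Committed                        (CUR_COMMIT) = ON'

# Read db cfg text on stdin and print the AUTO_REVAL value in upper case.
# Prints nothing when the parameter line is not present.
auto_reval_value() {
    sed -n 's/^.*(AUTO_REVAL)[[:space:]]*=[[:space:]]*\([A-Za-z_]*\).*$/\1/p' \
        | head -n 1 | tr '[:lower:]' '[:upper:]'
}

# Read db cfg text on stdin and print one of:
#   PRECONDITION_MET      AUTO_REVAL is IMMEDIATE
#   PRECONDITION_NOT_MET  AUTO_REVAL is another documented value
#   UNKNOWN               value missing or unrecognized; check manually
classify_auto_reval() {
    value=$(auto_reval_value)
    case "$value" in
        IMMEDIATE) echo "PRECONDITION_MET" ;;
        DEFERRED|DEFERRED_FORCE|DISABLED) echo "PRECONDITION_NOT_MET" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# With a database name and a db2 CLP on PATH, check the live configuration;
# otherwise fall back to the constructed sample above.
if [ -n "${1:-}" ] && command -v db2 >/dev/null 2>&1; then
    db2 get db cfg for "$1" | classify_auto_reval
else
    printf '%s\n' "$SAMPLE_CFG" | classify_auto_reval
fi
```

A result of PRECONDITION_NOT_MET only describes the configuration setting; the fix status of the installed DB2 level still has to be confirmed with IBM Support.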
**CVSS:**
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97708 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:C)
IBM InfoSphere Balanced Warehouse C3000
IBM InfoSphere Balanced Warehouse C4000
IBM Smart Analytics System 1050
IBM Smart Analytics System 2050
IBM Smart Analytics System 5600
IBM Smart Analytics System 5710
IBM Smart Analytics System 7600
IBM Smart Analytics System 7700
IBM Smart Analytics System 7710
IBM PureData System for Operational Analytics A1791
Find your IBM InfoSphere Balanced Warehouse, IBM Smart Analytics System, or IBM PureData System for Operational Analytics product in the table below and contact IBM Support with an APAR number to request a special build containing an interim fix.
For more information about IBM IDs, see the Help and FAQ.
| DB2 V10.5 | IT04730 | Contact IBM Support to obtain the fix. | Security Bulletin: IBM DB2 LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally when AUTO_REVAL is set to IMMEDIATE (CVE-2014-6159) |
For assistance, contact IBM Support: