Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2014-0919).

Summary

Infosphere BigInsights is affected by vulnerability in DB2 that can lead to user ID and password/cipher exposure (CVE-2014-0919). The vulnerability exists in the Big SQL server component included in BigInsights.

Vulnerability Details

CVEID: CVE-2014-0919**
DESCRIPTION:** IBM DB2 contains a vulnerability that would allow an authenticated user to execute a series of commands that would disclose the user name and password of users of the federated data servers and services.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/91981 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Affected Products and Versions

IBM InfoSphere BigInsights: 3.0, 3.0.0.1, 3.0.0.2, 4.0

Remediation/Fixes

For affected versions, apply the interim fix from Fix Central by following instructions in Readme.

BigInsights Version	Fix Central Link to DB2 installable image	Readme
3.0 / 3.0.0.1	3.0 / 3.0.0.1 Build	BigInsights 3.0.0.1 Readme for CVE-2014-0919 .docx
3.0.0.2	3.0.0.2 Build	BigInsights 3.0.0.2 Readme for CVE-2014-0919 .docx
4.0	4.0 Build	BigInsights 4.0 Readme for CVE-2014-0919 .docx