InfoSphere BigInsights is affected by a vulnerability in DB2 that can lead to user ID and password/cipher exposure (CVE-2014-0919). The vulnerability exists in the Big SQL server component included in BigInsights.
CVEID: CVE-2014-0919
DESCRIPTION: IBM DB2 contains a vulnerability that would allow an authenticated user to execute a series of commands that would disclose the user name and password of users of the federated data servers and services.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/91981 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
IBM InfoSphere BigInsights: 3.0, 3.0.0.1, 3.0.0.2, 4.0
For affected versions, apply the interim fix from Fix Central by following the instructions in the Readme.
BigInsights Version | Fix Central Link to DB2 installable image | Readme |
---|---|---|
3.0 / 3.0.0.1 | 3.0 / 3.0.0.1 Build | BigInsights 3.0.0.1 Readme for CVE-2014-0919 .docx |
3.0.0.2 | 3.0.0.2 Build | BigInsights 3.0.0.2 Readme for CVE-2014-0919 .docx |
4.0 | 4.0 Build | BigInsights 4.0 Readme for CVE-2014-0919 .docx |