Security Bulletin: InfoSphere BigInsights is affected by multiple IBM DB2 advisories (CVE-2014-8910, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935)
The vulnerabilities exist in the Big SQL server component included in BigInsights.
CVEID: CVE-2014-8910
DESCRIPTION: IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted XML statement to view text files owned by the DB2 instance owner.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99251 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVEID: CVE-2015-1883
DESCRIPTION: IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user with elevated privilege could exploit this vulnerability by manipulating an auto maintenance policies stored procedure to view any files owned by the DB2 fenced user on Unix/Linux or Windows administrator on Windows.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101239 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVEID: CVE-2015-1922
DESCRIPTION: IBM DB2 contains an illegal data access vulnerability. The DB2 Data Movement feature does not perform sufficient privilege checking, which allows a user with elevated privilege to delete rows from a table.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102429 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVEID: CVE-2015-1935
DESCRIPTION: IBM DB2 LUW contains a denial of service vulnerability in a scalar function that may cause the DB2 server to terminate abnormally.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102979 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Affected products and versions: IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, 4.0, 4.1
For all the affected versions, apply the interim fix available from Fix Central.