History: Apr 08, 2021 - 8:59 p.m.

Security Bulletin: InfoSphere BigInsights is affected by multiple IBM DB2 advisories (CVE-2014-8910, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935).

www.ibm.com

EPSS: 0.004 (Percentile: 73.3%)

Summary

Security Bulletin: InfoSphere BigInsights is affected by multiple IBM DB2 advisories (CVE-2014-8910, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935). The vulnerabilities exist in the Big SQL server component included in BigInsights.

Vulnerability Details

CVEID: CVE-2014-8910
DESCRIPTION: IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted XML statement to view text files owned by the DB2 instance owner.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99251 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVEID: CVE-2015-1883
DESCRIPTION: IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user with elevated privilege could exploit this vulnerability by manipulating an auto maintenance policies stored procedure to view any files owned by the DB2 fenced user on Unix/Linux or by the Windows administrator on Windows.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101239 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVEID: CVE-2015-1922
DESCRIPTION: IBM DB2 contains an illegal data access vulnerability. The DB2 Data Movement feature does not perform sufficient privilege checking, which allows a user with elevated privilege to delete rows from a table.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102429 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVEID: CVE-2015-1935
DESCRIPTION: IBM DB2 LUW contains a denial of service vulnerability in a scalar function that may cause the DB2 server to terminate abnormally.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102979 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Affected Products and Versions

IBM InfoSphere BigInsights: 3.0, 3.0.0.1, 3.0.0.2, 4.0, 4.1

Remediation/Fixes

For all the affected versions, apply the interim fix available from Fix Central.
