Security Bulletin
Summary
IBM InfoSphere BigInsights is affected by multiple IBM DB2 advisories (CVE-2014-8910, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935). The vulnerabilities exist in the Big SQL server component included in BigInsights.
Vulnerability Details
CVEID: CVE-2014-8910
DESCRIPTION: IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially crafted XML statement to view text files owned by the DB2 instance owner.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99251 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVEID: CVE-2015-1883
DESCRIPTION: IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user with elevated privilege could exploit this vulnerability by manipulating an auto maintenance policies stored procedure to view any files owned by the DB2 fenced user on Unix/Linux or by the Windows administrator on Windows.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101239 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVEID: CVE-2015-1922
DESCRIPTION: IBM DB2 contains an illegal data access vulnerability. The DB2 Data Movement feature does not perform sufficient privilege checking, which allows a user with elevated privilege to delete rows from a table.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102429 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVEID: CVE-2015-1935
DESCRIPTION: IBM DB2 LUW contains a denial of service vulnerability in a scalar function that may cause the DB2 server to terminate abnormally.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102979 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Affected Products and Versions
IBM InfoSphere BigInsights: 3.0, 3.0.0.1, 3.0.0.2, 4.0, 4.1
Remediation/Fixes
For all the affected versions, apply the interim fix available from Fix Central.
References
Change History
21 September 2015: Original Copy Published
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date:
08 April 2021
UID
swg21966964