High Severity

IBM Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094).


Db2 binaries load shared libraries from an untrusted path, potentially giving a low-privileged local user root access.

CVE(s): CVE-2019-4094

Affected product(s) and affected version(s):

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 editions on all platforms are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/docview.wss?uid=ibm10875860
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158014
