High Severity

IBM Security Bulletin: IBM Db2 Warehouse has released a fix in response to the vulnerability known as Spectre (CVE-2017-5753)

IBM has released the following fix for IBM Db2 Warehouse in response to CVE-2017-5753.

CVE(s): CVE-2017-5753

Affected product(s) and affected version(s):

IBM dashDB Local v1.0.0 – v1.9.0, IBM Db2 Warehouse v1.10.0 – v1.11.1, and Db2 Warehouse v2.0.0 – v2.3.0; all container types

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012814

More stories

Security Bulletin: CSV Injection (CVE-2019-4490)

Nov 14, 2019 7:00 pm EST | High Severity

CVEID: CVE-2019-4490
DESCRIPTION:
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164111 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)


Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)

Nov 14, 2019 7:00 pm EST | High Severity

CVEID: CVE-2015-7450
DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
CVSS Base score: 9.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Nov 13, 2019 7:00 pm EST | High Severity

CVEID: CVE-2019-4473
DESCRIPTION: Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163984 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-11771
DESCRIPTION: AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163989 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)