Vigil@nce - IBM DB2 10.5: eight vulnerabilities
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of IBM DB2 10.5.
Impacted products: DB2 UDB.
Severity: 2/4.
Creation date: 31/12/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in IBM DB2 10.5.
An attacker can transmit malicious XML data, in order to read a
file, scan sites, or trigger a denial of service. [severity:2/4;
CVE-2014-8910, IT06354]
An attacker can trigger a fatal error in SCALAR FUNCTIONS, in
order to trigger a denial of service. [severity:2/4;
CVE-2015-0157, IT07108]
An attacker can bypass security features in AUTOMATED MAINTENANCE,
in order to obtain sensitive information. [severity:2/4;
CVE-2015-1883, IT08080]
An unknown vulnerability was announced in GPFS. [severity:2/4;
CVE-2015-0197, IT08112]
An unknown vulnerability was announced in GPFS. [severity:2/4;
CVE-2015-0198, IT08112]
An unknown vulnerability was announced in GPFS. [severity:2/4;
CVE-2015-0199, IT08112]
An attacker can delete a table, in order to trigger a denial of
service. [severity:2/4; CVE-2015-1922, IT08525]
An attacker can trigger a fatal error in SCALAR FUNCTION, in order
to trigger a denial of service. [severity:1/4; CVE-2015-1935,
IT08543]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/IBM-DB2-10-5-eight-vulnerabilities-18621