IBM DB2 10.1 Improper Input Validation Vulnerability

Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash.
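
The first precondition above, EXECUTE on PD_GET_DIAG_HIST, can be audited from the system catalog. The query below is an added example, not part of the IBM advisory. It assumes the function is in the SYSPROC schema and that the standard SYSCAT.ROUTINES and SYSCAT.ROUTINEAUTH catalog views are readable by the auditing account.

```sql
-- Added audit example (not from the IBM advisory).
-- Lists every user, group or role that holds EXECUTE on PD_GET_DIAG_HIST,
-- either through a grant on the function itself or through a schema-wide
-- grant (SPECIFICNAME IS NULL in SYSCAT.ROUTINEAUTH).
-- Assumption: the function is registered in the SYSPROC schema.
SELECT a.GRANTEE,
       a.GRANTEETYPE,                 -- U = user, G = group, R = role
       a.GRANTOR,
       a.EXECUTEAUTH,                 -- Y = held, G = held and grantable
       CASE WHEN a.SPECIFICNAME IS NULL
            THEN 'all functions in schema'
            ELSE 'this function only'
       END AS GRANT_SCOPE
FROM   SYSCAT.ROUTINES r
JOIN   SYSCAT.ROUTINEAUTH a
       ON  a.SCHEMA      = r.ROUTINESCHEMA
       AND a.ROUTINETYPE = r.ROUTINETYPE
       AND (a.SPECIFICNAME = r.SPECIFICNAME OR a.SPECIFICNAME IS NULL)
WHERE  r.ROUTINESCHEMA = 'SYSPROC'
  AND  r.ROUTINENAME   = 'PD_GET_DIAG_HIST'
  AND  a.EXECUTEAUTH IN ('Y', 'G')
ORDER BY a.GRANTEETYPE, a.GRANTEE;
```

A row with GRANTEE = PUBLIC means every database user meets the first precondition. The second precondition, access to the diagnostic directory, is a file-system permission on the DB2 server and has to be reviewed there.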

Credit:

The information has been provided by IBM.

The original article can be found at: https://www.ibm.com/support/docview.wss?uid=ibm10880741


Details

IBM DB2 is prone to an Improper Input Validation vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Vulnerable Systems:

IBM DB2 9.7 FP11
IBM DB2 9.7
IBM DB2 11.1.4.4 iFix001
IBM DB2 11.1
IBM DB2 10.5 FP10
IBM DB2 10.5
IBM DB2 10.1 FP6
IBM DB2 10.1

CVE Information:
CVE-2019-4101

Disclosure Timeline:
07/01/2019
