Detections
Analytics
IBM DB2 9.8 < Fix Pack 4 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 9195
Synopsis
The remote IBM DB2 database server is vulnerable to multiple attack vectors.Description
Versions of IBM DB2 9.8 earlier than Fix Pack 4 are potentially affected by multiple issues :- A flaw exists in the high availability 9.5 upgrade scripts that is due to them automatically installing into the '/usr/sbin/rsct/sapolicies/db2' directory with insecure permissions.
- A flaw exists that is due to Monitor Administrative Views (in sysibmadm schema) being readable by the public. This may allow a remote attacker to gain access to potentially sensitive information.
Solution
Upgrade to IBM DB2 9.8 Fix Pack 4 or higher.See Also
http://www-01.ibm.com/support/docview.wss?uid=swg24030581
http://www-01.ibm.com/support/docview.wss?uid=swg21455035#4
Plugin Details
Severity: Medium
ID: 9195
Family: Database
Published: 4/15/2016
Updated: 3/6/2019
Vulnerability Information
Patch Publication Date: 8/10/2013
Vulnerability Publication Date: 8/10/2013