Miembros de
Boletines de Vulnerabilidades |
IBM Security Bulletin: Unauthorized Access to user data vulnerability in DB2 during certain LOAD operations (CVE-2014-4805) |
|
Información sobre el sistema |
|
| Software afectado | IBM |
Descripción |
|
|
During certain LOAD operations into Columnar Data Engine (CDE) tables, a temporary file containing user data may be created at the DB2 server. As the file only exists for the duration of the LOAD operation and is automatically removed on completion (both success and error), the vulnerability exists only temporarily. CVE(s): CVE-2014-4805 Affected product(s) and affected version(s): All fix pack levels for IBM DB2 V10.5 editions running on AIX and Linux are affected. IBM® DB2® More info: https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_unauthorized_access_to_user_data_vulnerability_in_db2_during_certain_load_operations_cve_2014_4805?lang=en_us |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2014-4805 ,CVE-2014-4759 ,CVE-2014-3095 ,CVE-2014-3094 ,CVE-2013-6371 and CVE-2014-0411. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2014-09-03 |