{"id":2094,"date":"2025-04-28T22:33:35","date_gmt":"2025-04-28T22:33:35","guid":{"rendered":"http:\/\/localhost\/?p=2094"},"modified":"2025-04-28T22:33:35","modified_gmt":"2025-04-28T22:33:35","slug":"security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2094","title":{"rendered":"Security Bulletin: Multiple security vulnerabilities have been identified in IBM\u00ae DB2\u00ae shipped with IBM PureData System for Operational Analytics"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Bulletin: Multiple security vulnerabilities have been identified in IBM\u00ae DB2\u00ae shipped with IBM PureData System for Operational Analytics<\/td>\n<\/tr>\n
Type<\/th>\nibm<\/td>\n<\/tr>\n
Published<\/th>\n2025-04-28T20:41:23<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-04-29T02:56:35<\/td>\n<\/tr>\n
CVSS Score<\/th>\n9.8 (CRITICAL)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nUNCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2009-0001, CVE-2014-0114, CVE-2014-0193, CVE-2014-3488, CVE-2015-2156, CVE-2016-2402, CVE-2017-12972, CVE-2017-12973, CVE-2017-12974, CVE-2017-18640, CVE-2017-3734, CVE-2017-5637, CVE-2018-10237, CVE-2018-11771, CVE-2018-8009, CVE-2018-8012, CVE-2019-0201, CVE-2019-10086, CVE-2019-10172, CVE-2019-10202, CVE-2019-12402, CVE-2019-16869, CVE-2019-17195, CVE-2019-17571, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ## Summary<\/p>\n

IBM\u00ae DB2\u00ae is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin.<\/p>\n

## Vulnerability Details<\/p>\n

**CVEID:**CVE-2017-12973
\n**DESCRIPTION:** Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding improperly after detection of an invalid HMAC in authenticated AES-CBC decryption. A remote attacker could exploit this vulnerability to conduct a padding oracle attack.
\nCVSS Base score: 5.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/130789 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2017-12972
\n**DESCRIPTION:** Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by the lack of integer-overflow check when converting length values from bytes to bits. A remote attacker could exploit this vulnerability to conduct a HMAC bypass attack.
\nCVSS Base score: 5.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/130790 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2018-8012
\n**DESCRIPTION:** Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the leader.
\nCVSS Base score: 7.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/143565 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N) <\/p>\n

**CVEID:**CVE-2017-5637
\n**DESCRIPTION:** Apache Zookeeper is vulnerable to a denial of service, caused by the improper handling of the wchp command. By sending a specially-crafted wchp command, a remote attacker could exploit this vulnerability to cause the application to crash.
\nCVSS Base score: 5.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/121602 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L) <\/p>\n

**CVEID:**CVE-2018-11771
\n**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
\nCVSS Base score: 3.1
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/148429 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L) <\/p>\n

**CVEID:**CVE-2018-10237
\n**DESCRIPTION:** Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker could exploit this vulnerability to cause a denial of service condition.
\nCVSS Base score: 7.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/142508 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2018-8009
\n**DESCRIPTION:** Apache Hadoop could could allow a remote attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing “dot dot slash” sequences (..\/), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as “Zip-Slip”
\nCVSS Base score: 5.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/150617 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:H\/A:N) <\/p>\n

**CVEID:**CVE-2016-2402
\n**DESCRIPTION:** OkHttp is vulnerable to a man-in-the-middle attack. By sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate, a remote attacker could exploit this vulnerability to bypass certificate pinning.
\nCVSS Base score: 4.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/125848 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2009-0001
\n**DESCRIPTION:** Apple QuickTime is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when processing RTSP URLs. By persuading a victim to open a specially-crafted RTSP URL, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
\nCVSS Base score: 6.8
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/48154 for the current score.
\nCVSS Vector: (AV:N\/AC:M\/Au:N\/C:P\/I:P\/A:P) <\/p>\n

**CVEID:**CVE-2019-9512
\n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP\/2 peer, a remote attacker could consume excessive CPU resources.
\nCVSS Base score: 7.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/164903 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2019-9514
\n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources.
\nCVSS Base score: 7.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/164640 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2019-9515
\n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources.
\nCVSS Base score: 7.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/165181 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2019-9518
\n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources.
\nCVSS Base score: 7.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/164904 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2014-0114
\n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system.
\nCVSS Base score: 7.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/92889 for the current score.
\nCVSS Vector: (AV:N\/AC:L\/Au:N\/C:P\/I:P\/A:P) <\/p>\n

**CVEID:**CVE-2019-10086
\n**DESCRIPTION:** Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
\nCVSS Base score: 5.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/166353 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2019-10202
\n**DESCRIPTION:** Red Hat JBoss Enterprise Application Platform (EAP) could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization in Codehaus. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
\nCVSS Base score: 8.1
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/168251 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H) <\/p>\n

**CVEID:**CVE-2019-10172
\n**DESCRIPTION:** Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
\nCVSS Base score: 5.9
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/172436 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N) <\/p>\n

**CVEID:**CVE-2019-17571
\n**DESCRIPTION:** Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
\nCVSS Base score: 9.8
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/173314 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H) <\/p>\n

**CVEID:**CVE-2019-12402
\n**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosing the file names inside of a specially crafted archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
\nCVSS Base score: 5.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/165956 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L) <\/p>\n

**CVEID:**CVE-2017-3734
\n**DESCRIPTION:** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
\nCVSS Base score: 0
\nCVSS Vector: <\/p>\n

**CVEID:**CVE-2019-16869
\n**DESCRIPTION:** Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
\nCVSS Base score: 6.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/167672 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2019-17195
\n**DESCRIPTION:** Connect2id Nimbus JOSE+JWT is vulnerable to a denial of service, caused by the throwing of various uncaught exceptions while parsing a JWT. An attacker could exploit this vulnerability to crash the application or obtain sensitive information.
\nCVSS Base score: 6.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/169514 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:L) <\/p>\n

**CVEID:**CVE-2017-18640
\n**DESCRIPTION:** SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
\nCVSS Base score: 5.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/174331 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L) <\/p>\n

**CVEID:**CVE-2019-0201
\n**DESCRIPTION:** Apache ZooKeeper could allow a remote attacker to obtain sensitive information, caused by the failure to check permissions by the getACL() command. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
\nCVSS Base score: 7.5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/161303 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N) <\/p>\n

**CVEID:**CVE-2014-3488
\n**DESCRIPTION:** Netty is vulnerable to a denial of service, caused by an error in SslHandler. A remote attacker could exploit this vulnerability using a specially-crafted SSLv2Hello message to exhaust all available CPU resources and cause the application to enter into an infinite loop.
\nCVSS Base score: 5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/95285 for the current score.
\nCVSS Vector: (AV:N\/AC:L\/Au:N\/C:N\/I:N\/A:P) <\/p>\n

**CVEID:**CVE-2015-2156
\n**DESCRIPTION:** Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in a cookie name by the cookie parsing code. An attacker could exploit this vulnerability to bypass the HttpOnly flag in all Play applications and gain access to the system.
\nCVSS Base score: 6.4
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/103239 for the current score.
\nCVSS Vector: (AV:N\/AC:L\/Au:N\/C:P\/I:P\/A:N) <\/p>\n

**CVEID:**CVE-2014-0193
\n**DESCRIPTION:** Netty is vulnerable to a denial of service, caused by an error in the WebSocket08FrameDecoder implementation. A remote attacker could exploit this vulnerability to exhaust all available memory resources.
\nCVSS Base score: 5
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/93006 for the current score.
\nCVSS Vector: (AV:N\/AC:L\/Au:N\/C:N\/I:N\/A:P) <\/p>\n

**CVEID:**CVE-2017-12974
\n**DESCRIPTION:** Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding with ECKey construction without ensuring that the public x and y coordinates are on the specified curve. A remote attacker could exploit this vulnerability to conduct an Invalid Curve Attack.
\nCVSS Base score: 7.3
\nCVSS Temporal Score: See: https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/130788 for the current score.
\nCVSS Vector: (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L)<\/p>\n

## Affected Products and Versions<\/p>\n

IBM PureData System for Operational Analytics V1.1 (A1801)<\/p>\n

## Remediation\/Fixes<\/p>\n

**IBM strongly recommends addressing the vulnerability now by doing the following:**<\/p>\n

Determine the appliance fixpack level as root on the management server using the appl_ls_cat command.<\/p>\n

$ appl_ls_cat -i
\nNAME VERSION STATUS DESCRIPTION
\nbwr3 4.0.8.0 Committed Updates for IBM_PureData_System_for_Operational_Analytics<\/p>\n

Determine the version of Db2 used on the core nodes in the appliance. The command below shows that Version 10.5.0.11 is installed. The number of hosts, Db2 version and instance name are customer dependent. The appliance supports Db2 10.5 or Db2 11.1 and the default instance owner is bcuaix. The command below shows that the instance is used Db2 10.5.0.11.<\/p>\n

$ dsh -n ${BCUALL} ‘\/usr\/local\/bin\/db2ls -c | grep -v “#” | cut -d: -f 1 | head -1 | while read p;do $p\/bin\/db2greg -dump | grep “^I”;done’| dshbak -c
\nHOSTS ————————————————————————-
\nhost02, host04, host05, hostflash06
\n\\——————————————————————————-
\nI,DB2,10.5.0.11,bcuaix,\/db2home\/bcuaix\/sqllib,,1,0,\/usr\/IBM\/dwe\/db2\/V10.5.0.11..2,,<\/p>\n

Login as the instance owner to any of the host servers. The following command will show the build number installed.<\/p>\n

$ db2level
\nDB21085I This instance or install (instance name, where applicable: “bcuaix”)
\nuses “64” bits and DB2 code release “SQL1005B” with level identifier
\n“060C010E”.
\nInformational tokens are “DB2 v10.5.0.11”, “special_40479”, “IP24071_40479”,
\nand Fix Pack “11”.
\nProduct is installed at “\/usr\/IBM\/dwe\/db2\/V10.5.0.11..2”.<\/p>\n

Use the table below to determine how to download the Db2 Fixpack or Special Build and then refer to the appliance technote https:\/\/www.ibm.com\/support\/pages\/installing-db2-fix-pack-ibm-puredata-system-operational-analytics for instructions on how to apply the Db2 Fixpack or Special Build on the appliance. Contact IBM Support for any questions or concerns related to this update. The number in brackets will match version returned by the appl_ls_conf command. <\/p>\n

Current V1.1 Fixpack Level | Remediation Options
\n—|—
\nV1.1 GA [ 4.0.4.x ] | Validated stack is not vulnerable at this level.
\nV1.1 FP1 [ 4.0.5.x ] | Validated stack is not vulnerable at this level.
\nV1.1 FP2 [ 4.0.6.x ] | Validated stack is not vulnerable at this level.
\nV1.1 FP3 [ 4.0.7.x ] | If using Db2 10.5, the system is not vulnerable. If using Db2 11.1, download the Db2 11.1 fixpack at: Db2 Version 11.1 Mod 4 Fix Pack 7 for Linux, UNIX, and Windows
\nV1.1 FP4 [ 4.0.8.x ] | If using Db2 10.5, the system is not vulnerable. If using Db2 11.1, download the Db2 11.1 fixpack at: Db2 Version 11.1 Mod 4 Fix Pack 7 for Linux, UNIX, and Windows <\/p>\n

## Workarounds and Mitigations<\/p>\n

None<\/p>\n

##\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n9.8<\/td>\n<\/tr>\n
Severity<\/th>\nCRITICAL<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n