IBM Security Bulletin: IBM® Db2® sensitive information exposure in the error log (CVE-2017-1434).

When a version check to upgrade Db2 to v11.x fails, the connection string is written in the clear in an error message to db2diag.log.

CVE(s): CVE-2017-1434

Affected product(s) and affected version(s):

All fix pack levels for server editions of IBM Db2 V11.1 on all platforms are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2eR8Ce0
X-Force Database: http://ift.tt/2wQzq4h
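
An added example (not part of IBM's bulletin, and not IBM code) of a check an administrator could run over db2diag.log to locate and mask cleartext credentials. It assumes the logged connection string is a semicolon-separated keyword=value list with a PWD or PASSWORD keyword; the sample records and the function names are constructed for illustration and are not real Db2 output.

```python
import re
import sys

# Assumption: the exposed connection string is a semicolon-separated
# keyword=value list whose password keyword is PWD or PASSWORD.
SECRET_KV = re.compile(r"(?i)\b(PWD|PASSWORD)\s*=\s*([^;\s]+)")
# db2diag.log records begin with a YYYY-MM-DD-HH.MM.SS.ffffff timestamp line.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}-\d{2}\.\d{2}\.\d{2}\.\d{6}")

# Constructed sample records, not real Db2 output.
SAMPLE = """\
2017-08-14-09.12.44.102938-240 I1234E512            LEVEL: Error
PID     : 4321                 TID : 140213         PROC : db2sysc
MESSAGE : version check failed (constructed text)
DATABASE=SAMPLE;HOSTNAME=db.example.test;PORT=50000;UID=appuser;PWD=Example-Only-1;

2017-08-14-09.13.02.551200-240 I1747E300            LEVEL: Info
MESSAGE : keyword dump UID=appuser;PWD=*****;
"""

def redact(text):
    """Mask every password value, keeping the keyword for context."""
    return SECRET_KV.sub(lambda m: m.group(1) + "=<redacted>", text)

def split_records(text):
    """Group non-blank lines into records that start at a timestamp line."""
    records, current = [], []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            records.append(current)
            current = []
        if line.strip():
            current.append(line)
    return records + ([current] if current else [])

def find_exposed(text):
    """Return (timestamp, keyword, redacted line) per cleartext password."""
    hits = []
    for rec in split_records(text):
        stamp = rec[0].split()[0] if RECORD_START.match(rec[0]) else "unknown"
        for line in rec:
            for m in SECRET_KV.finditer(line):
                if set(m.group(2)) != {"*"}:  # skip values already masked
                    hits.append((stamp, m.group(1).upper(), redact(line).strip()))
    return hits

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for stamp, key, line in find_exposed(text):
        print(f"{stamp} cleartext {key}: {line}")
```

Run it with the path to db2diag.log as the only argument; with no argument it scans the constructed sample. The report prints only redacted lines, so its output can be shared without repeating the exposure.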

from IBM Product Security Incident Response Team http://ift.tt/2wgz436