IBM Security Bulletin: IBM® Db2® is affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654)
Apr 24, 2018 9:00 am EDT
Categorized: Medium Severity
Db2 is affected by a vulnerability in IBM® Spectrum Scale Version 4.1.1 that is used by the DB2® pureScale™ Feature on AIX and Linux. A security vulnerability has been identified in IBM Spectrum Scale that could allow a local unprivileged user to access information in dump files, and could result in the transfer of such data to IBM during service engagements. IBM Spectrum Scale was previously known as General Parallel File System (GPFS).
CVE(s): CVE-2017-1654
Affected product(s) and affected version(s):
All fix pack levels of IBM DB2 V10.5 and V11.1.1 editions running on AIX and Linux are affected, but only for customers who have the DB2® pureScale™ Feature installed.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22015462
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133378
from IBM Product Security Incident Response Team https://ift.tt/2K9uThS