Authentication of IBM Db2 can be bypassed under Cloud Pak for Data

IBM's database systems Db2 and Db2 Warehouse can be attacked under the data and AI platform Cloud Pak for Data.


If IBM Db2 or Db2 Warehouse is running on the Cloud Pak for Data data and AI platform, attackers can exploit a total of 35 vulnerabilities and, in the worst case, execute malicious code. A secured version is available.

In a post, the developers state that they have closed the vulnerabilities in version 5.1.0. Three vulnerabilities (CVE-2024-41110, CVE-2022-0759, CVE-2024-27281) are classified as "critical". Attackers can use these vulnerabilities to act as a man-in-the-middle, bypass authentication or even execute malicious code. If the latter occurs, systems are usually considered fully compromised.


The vulnerabilities affect components such as glibc, GNU C Library and Java SE. Admins should ensure that the version protected against the described attacks is installed. So far there are no reports of ongoing attacks. Unfortunately, IBM does not provide any information on how to recognize systems that have already been attacked.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.