• Admin-Scout-small-Banner
           
    CURSOR Admin-Scout
    get the ultimate tool for Informix
    pfeil  
invispix 10x10
invispix 10x10

IBM Informix vulnerability CVE-2020-4799 in Spatial Datablade Module

Security UpdateA security warning was issued on October 8, 2020 (CVE-2020-4799) for IBM Informix Dynamic Server.

This vulnerability affects the Spatial Datablade Module in Informix Server versions 12.10 and 14.10.

A specific function in the Spatial Datablade can be called with an out-of-range parameter. A local user logged on with SQL privileges could use this vulnerability to attempt to execute an SQL injection. If the attack is successful, the attacker would be able to grant himself extended user rights and execute his own code.

Help provides a Fix Pack that IBM has released on Fix Central.

IBM offers two possible solutions:

  • If you are not using the Spatial Datablade, you can disable access by simply renaming it:

    Change to the directory $INFORMIXDIR/extend
    and rename the Spatial Datablade directory, for example: mv spatial.8.22.* spatial.do.not.use

  • If you are using the Spatial Datablade, please go to the IBM Fix Central page. IBM has released corresponding Fix Packs for download:

    https://www.ibm.com/support/pages/node/6343587

 


 

invispix 10x10
News OverviewNews Overview

News Overview

Informix NewsInformix News

Informix News

Scout NewsblogScout Newsblog

Scout Newsblog

Our NewsletterOur Newsletter

Our Newsletter

News ArchiveNews Archive

News Archive

invispix 10x10
OEM/ESA licensingOEM/ESA licensing

IBM OEM licensing

Informix for purchaserInformix for purchaser

Informix for purchasers

Service und SupportService und Support

Service and Support

Admin-Scout for InformixAdmin-Scout for Informix

Admin-Scout for Informix