IBM Informix vulnerability CVE-2020-4799 in Spatial Datablade Module
A security warning was issued on October 8, 2020 (CVE-2020-4799) for IBM Informix Dynamic Server.
This vulnerability affects the Spatial Datablade Module in Informix Server versions 12.10 and 14.10.
A specific function in the Spatial Datablade can be called with an out-of-range parameter. A local user logged on with SQL privileges could use this vulnerability to attempt an SQL injection. If the attack succeeds, the attacker could escalate their privileges and execute arbitrary code.
The remedy is a Fix Pack that IBM has released on Fix Central.
IBM offers two possible solutions:
- If you are not using the Spatial Datablade, you can disable access by simply renaming it: change to the directory $INFORMIXDIR/extend and rename the Spatial Datablade directory, for example:
  mv spatial.8.22.* spatial.do.not.use
- If you are using the Spatial Datablade, go to the IBM Fix Central page. IBM has released corresponding Fix Packs for download:
  https://www.ibm.com/support/pages/node/6343587
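The first workaround above is a single manual mv. The following script is an added example, not IBM's code or part of the advisory: it wraps the same rename in two POSIX sh functions so it can be run repeatedly across many instances without damage. It assumes only what the advisory states, namely that the Spatial Datablade lives in a spatial.* directory under $INFORMIXDIR/extend and that the server will not load it once the directory no longer carries that name. It goes slightly beyond the page in two ways: it keeps the original directory name as a suffix of spatial.do.not.use so the change is reversible and several installed versions do not collide, and it adds a check function for verifying the result afterwards.

```shell
#!/bin/sh
# Added example (not IBM's code): idempotent form of the CVE-2020-4799
# workaround that renames the Spatial Datablade directory so Informix
# cannot load it. Assumes the advisory's layout $INFORMIXDIR/extend/spatial.*
# and reuses the advisory's "spatial.do.not.use" marker as the new prefix.

# disable_spatial_blade INFORMIXDIR
#   Renames every extend/spatial.<version> directory to
#   spatial.do.not.use.spatial.<version>. Directories already carrying the
#   marker are left alone, so the function is safe to run more than once.
#   Returns 0 if the blade is now disabled (renamed now or earlier),
#   1 if no Spatial Datablade directory exists at all, 2 if a rename failed.
disable_spatial_blade() {
    extend_dir="$1/extend"
    found=0
    for blade in "$extend_dir"/spatial.*; do
        [ -d "$blade" ] || continue          # unmatched glob or stray file
        name=$(basename "$blade")
        case "$name" in
            spatial.do.not.use*) found=1; continue ;;   # already disabled
        esac
        mv "$blade" "$extend_dir/spatial.do.not.use.$name" || return 2
        found=1
    done
    [ "$found" -eq 1 ]
}

# spatial_blade_enabled INFORMIXDIR
#   Returns 0 while a loadable spatial.<version> directory still exists,
#   1 once every such directory carries the do-not-use marker (or none exist).
#   Useful as a post-change check and as a compliance probe on other hosts.
spatial_blade_enabled() {
    for blade in "$1"/extend/spatial.*; do
        [ -d "$blade" ] || continue
        case "$(basename "$blade")" in
            spatial.do.not.use*) ;;           # disabled, keep looking
            *) return 0 ;;                    # a live blade directory remains
        esac
    done
    return 1
}

# Usage on a real server (INFORMIXDIR must point at the installation):
#   disable_spatial_blade "$INFORMIXDIR" && ! spatial_blade_enabled "$INFORMIXDIR"
```

The second function is the part worth keeping around: after the Fix Pack has been applied on a server that does use the Spatial Datablade, the same check can confirm the workaround was never applied there (or was reverted), since a renamed directory would otherwise silently break spatial queries.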