
IBM Informix vulnerability CVE-2020-4799 in Spatial Datablade Module

A security warning was issued on October 8, 2020 (CVE-2020-4799) for IBM Informix Dynamic Server.

This vulnerability affects the Spatial Datablade Module in Informix Server versions 12.10 and 14.10.

A specific function in the Spatial Datablade can be called with an out-of-range parameter. A local user logged on with SQL privileges could use this vulnerability to attempt to execute an SQL injection. If the attack is successful, the attacker would be able to grant himself extended user rights and execute his own code.

The remedy is a Fix Pack that IBM has released on Fix Central.

IBM offers two possible solutions:

  • If you are not using the Spatial Datablade, you can disable access by simply renaming it:

    Change to the directory $INFORMIXDIR/extend
    and rename the Spatial Datablade directory, for example: mv spatial.8.22.* spatial.do.not.use

  • If you are using the Spatial Datablade, please go to the IBM Fix Central page. IBM has released corresponding Fix Packs for download:

    https://www.ibm.com/support/pages/node/6343587
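
The rename workaround from the first option, as an added shell example (not IBM's own script). It covers the case where more than one Spatial Datablade version directory is installed, in which a single `mv spatial.8.22.* spatial.do.not.use` would fail or nest directories. The function name, the `--apply` flag and the per-directory `.do.not.use` suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM's script): apply the rename workaround to every
# Spatial Datablade directory found under <informixdir>/extend.
# Usage: disable_spatial_blade <informixdir> [--apply]
# Without --apply it only reports what it would rename (dry run).
disable_spatial_blade() {
    extend_dir="$1/extend"
    mode="${2:-}"
    if [ ! -d "$extend_dir" ]; then
        echo "no extend directory: $extend_dir" >&2
        return 2
    fi

    found=0
    for blade in "$extend_dir"/spatial.*; do
        # An unmatched glob stays literal; skip it and already-disabled copies.
        [ -d "$blade" ] || continue
        case "$blade" in *.do.not.use) continue ;; esac

        found=$((found + 1))
        # One target per version directory: a single shared target name makes
        # mv fail or nest directories when several versions are installed.
        target="$blade.do.not.use"
        if [ -e "$target" ]; then
            echo "target already exists, not touching: $target" >&2
            return 3
        fi
        if [ "$mode" = "--apply" ]; then
            mv -- "$blade" "$target" || return 1
            echo "renamed: $blade -> $target"
        else
            echo "would rename: $blade -> $target"
        fi
    done

    [ "$found" -gt 0 ] || echo "no active Spatial Datablade directory in $extend_dir"
    return 0
}
```

Run it as the owner of the Informix installation, first as `disable_spatial_blade "$INFORMIXDIR"` to review the dry-run output, then again with `--apply`.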

 


 
