Lack of protections around trace facility gives local users read and write access DB2 migration problems caused IBM to resurrect Netezza, according to analyst
A bug-hunter has uncovered a vulnerability in IBM's popular enterprise database which, if left unpatched, could allow a local user to access data and kick off a denial-of-service attack. Security firm Trustwave said the shared memory vulnerability in Db2 - CVE-2020-4414 - was similar to the problems found with Cisco's Webex in June (CVE-2020-3347). According to TrustWave, "Only Db2 for LUW (Linux, Unix, Windows) is affected. Db2 for other platforms like IBM mainframes and z/OS are unaffected." M...