IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in multiple security bulletins, listed below.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Maximo APM - Predictive Maintenance Insights On-Premises | 1.0.3 |
IBM Predictive Maintenance and Quality | 1.0.x |
IBM Predictive Maintenance and Quality | 2.5.x |
IBM Predictive Maintenance and Quality | 2.0.x |
IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. (CVE-2020-4739)
Security Bulletin: <https://www.ibm.com/support/pages/node/6370023>
Affected Releases: v9.1, v10.1, v10.5, v11.1, v11.5
IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)
Security Bulletin: <https://www.ibm.com/support/pages/node/6370025>
Affected Releases: v10.5, v11.1, v11.5
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local attacker to cause a denial of service inside the “DB2 Management Service”. (CVE-2020-4642)
Security Bulletin: <https://www.ibm.com/support/pages/node/6391652>
Affected Releases: 9.7, 10.1, 10.5, 11.1, 11.5
Please refer to the security bulletins above for detailed fix information.
None