IBM® Db2® is shipped as a component of IBM Operations Analytics Predictive Insights. IBM® Db2® for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow caused by improper bounds checking, a denial of service attack due to a hang in the SSL handshake, and unauthorized access to files due to weak file permissions. Information about these security vulnerabilities (CVE-2020-4976, CVE-2020-5024, CVE-2020-5025) has been published in security bulletins.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Operations Analytics Predictive Insights | All |
For more information and recommended solutions for security vulnerability CVE-2020-4976, see the disclosed security bulletin: IBM® Db2® is vulnerable to weak file permissions allowing access to specific files
For more information and recommended solutions for security vulnerability CVE-2020-5024, see the disclosed security bulletin: IBM® Db2® is vulnerable to a denial of service
For more information and recommended solutions for security vulnerability CVE-2020-5025, see the disclosed security bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow
None