Multiple vulnerabilities have been found in IBM DB2. DB2 users should refer to the security bulletins listed below for remediation actions.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM i2 Analyze | IBM i2 Analyze 4.3.1 |
IBM i2 Analyze | IBM i2 Analyze 4.3.0 |
IBM i2 Analyze | IBM i2 Analyze 4.3.2 |
Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)
<https://www.ibm.com/support/pages/node/6370023>
Affected Releases: v9.1, v10.1, v10.5, v11.1, v11.5
Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)
<https://www.ibm.com/support/pages/node/6370025>
Affected Releases: v10.5, v11.1, v11.5
None