IBM Db2 is vulnerable to information disclosure vulnerabilities. IBM DB2 has issued fixes for multiple security vulnerabilities.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
Cloud Orchestrator | 2.5.0.10 |
Consult the following security bulletins for IBM DB2 vulnerability details and information about fixes.
Security Bulletin: IBM® Db2® is vulnerable to an Information Disclosure as a user with DBADM authority is able to access other databases and read or modify files (CVE-2021-29678)
<https://www.ibm.com/support/pages/node/6523806>
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5
Security Bulletin: IBM® Db2® may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. (CVE-2021-20373)
<https://www.ibm.com/support/pages/node/6523804>
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure as it uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. (CVE-2021-39002)
<https://www.ibm.com/support/pages/node/6523802>
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5
Security Bulletin: IBM® Db2® could allow a local user elevated privileges due to allowing modification of columns of existing tasks (CVE-2021-38926)
<https://www.ibm.com/support/pages/node/6523808>
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. (CVE-2021-38931)
<https://www.ibm.com/support/pages/node/6523810>
Affected Db2 releases: V11.1, V11.5
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud orchestrator | eq | 2.5.0.10 |