IBM Db2 is shipped as a pType component of IBM Cloud Pak System and IBM Cloud Pak System Software Suite. Vulnerabilities have been identified in IBM Db2, and information about fixes has been published in security bulletins.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Principal Product and Version(s) | Supporting Product and Version(s) |
---|---|
IBM Cloud Pak System V2.3, V2.3.0.1, V2.3.1.1 | DB2 V10.5, V11.1 |
IBM Cloud Pak System V2.3.2.0 | DB2 V11.5 |
Consult the following security bulletins for IBM Db2 for vulnerability details and information about fixes.
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)
<https://ibm.com/support/pages/node/6242342>
Security Bulletin: IBM® Db2® may be vulnerable to a Denial of Service attack (CVE-2020-4355)
<https://ibm.com/support/pages/node/6242350>
Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363)
<https://ibm.com/support/pages/node/6242332>
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)
<https://ibm.com/support/pages/node/6242356>
Security Bulletin: IBM® Db2® is vulnerable to a denial of service attack (CVE-2020-4420)
<https://ibm.com/support/pages/node/6242362>
Consult the table below for the CVEs and apply the fix to update the DB2 fix packs in virtual system database patterns. For instructions, refer to:
<https://www.ibm.com/support/knowledgecenter/SSZQFR_2.3.2.0/iwd/mpt_vsys_db2_fixpack_top.html>
CVE(s) | DB2 11.1.x | DB2 11.5.x |
---|---|---|
CVE-2020-4386
CVE-2020-4355
CVE-2020-4363
CVE-2020-4414
CVE-2020-4420