Metric | Value |
---|---|
CVSS3 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
AI Score | 6.4 Medium |
Confidence | High |
EPSS | 0.001 Low |
Percentile | 23.8% |
The DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about a security vulnerability affecting the DB2 JDBC driver has been published in a security bulletin.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Business Service Manager | 6.2.0 |
IBM strongly recommends addressing the vulnerability now by executing these steps:
Principal Product and Version(s) | Affected Supporting Product and Version(s) |
---|---|
IBM Tivoli Business Service Manager 6.2.0.0-6.2.0.5 - XMLtoolkit | Fix List for Db2 Version 11.5 for Linux, UNIX and Windows |
To remediate the vulnerability:
For TBSM Data server:
1. Download the latest DB2 JDBC Driver (v11.5.x) from Fix Central and extract the db2jcc.jar file.
Alternatively, if DB2 v11.5.8.0 or higher is already installed and the special build from the Fix List has been applied, the file can be found by searching DB2's install directory for the db2jcc.jar file.
2. Stop the TBSM servers.
3. Replace the old db2jcc.jar with the new db2jcc.jar under the following directories:
<TBSM Install Directory>/XMLtoolkit/tools/crviewer/lib/
<TBSM Install Directory>/XMLtoolkit/tools/ExportDatabaseTool/drivers/
<TBSM Install Directory>/XMLtoolkit/jars/
4. Start the TBSM servers.
For DASH server:
1. Stop the Dashboard server.
2. Navigate to the following directory:
<JazzSM Install Directory>/profile/installedApps/JazzSMNode01Cell/isc.ear/sla.war/WEB-INF/lib/
3. Delete the following files:
db2jcc.jar
db2jcc_license_cu.jar
4. Start the DASH server.
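A post-remediation check for the two procedures above, as an added example that is not part of the IBM bulletin: it confirms by SHA-256 that the three TBSM copies of db2jcc.jar match the newly downloaded jar and that both driver jars are gone from the DASH sla.war lib directory. The function names and the three arguments are assumptions of this example; the directory paths are the ones listed in the steps.

```shell
#!/bin/sh
# Added example: verify the db2jcc.jar replacement (TBSM) and removal (DASH).
# Operator-supplied arguments (hypothetical interface, not an IBM tool):
#   $1 = TBSM install directory
#   $2 = JazzSM install directory
#   $3 = the new db2jcc.jar extracted from the Fix Central download

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Prints one line per checked path.
# Returns 0 if compliant, 1 on any finding, 2 if the reference jar is missing.
verify_db2jcc_remediation() {
  local tbsm="$1" jazz="$2" new_jar="$3" rc=0 want got dir f
  [ -f "$new_jar" ] || { echo "ERROR   reference jar not found: $new_jar"; return 2; }
  want=$(sha256_of "$new_jar")

  # TBSM Data server: all three copies must be byte-identical to the new jar.
  for dir in XMLtoolkit/tools/crviewer/lib \
             XMLtoolkit/tools/ExportDatabaseTool/drivers \
             XMLtoolkit/jars; do
    f="$tbsm/$dir/db2jcc.jar"
    if [ ! -f "$f" ]; then
      echo "MISSING $f"; rc=1
    else
      got=$(sha256_of "$f")
      if [ "$got" = "$want" ]; then echo "OK      $f"
      else echo "STALE   $f"; rc=1; fi
    fi
  done

  # DASH server: both driver jars must have been deleted from sla.war.
  dir="$jazz/profile/installedApps/JazzSMNode01Cell/isc.ear/sla.war/WEB-INF/lib"
  for f in db2jcc.jar db2jcc_license_cu.jar; do
    if [ -e "$dir/$f" ]; then echo "PRESENT $dir/$f"; rc=1
    else echo "OK      $dir/$f absent"; fi
  done
  return $rc
}

# Run the check when all three arguments are given on the command line.
if [ $# -eq 3 ]; then verify_db2jcc_remediation "$@"; fi
```

A STALE line means an old copy of the driver is still in place in that directory; a PRESENT line means the DASH deletion step was not completed.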
None
CPE
Name | Operator | Version |
---|---|---|
tivoli business service manager | eq | 6.2.0 |