History: Dec 18, 2023 - 8:17 a.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.

www.ibm.com

CVSS2: 9 High
Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.6 High (Confidence: High)

EPSS: 0.473 Medium (Percentile: 97.5%)

Summary

IBM DB2 is shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin (CVE-2015-8383, CVE-2015-8381, CVE-2015-8386, CVE-2015-8388, CVE-2015-8385, CVE-2015-8387, CVE-2015-8391, CVE-2015-8390, CVE-2015-8393, CVE-2015-8395, CVE-2015-8394, CVE-2015-2328, CVE-2015-2327, CVE-2020-14155, CVE-2015-8392, CVE-2023-29258, CVE-2023-45178, CVE-2023-46167, CVE-2023-47701, CVE-2023-43020, CVE-2018-25032, CVE-2002-0059, CVE-2022-37434, CVE-2023-40692, CVE-2023-40687, CVE-2023-38727, CVE-2023-38003, CVE-2023-1370, CVE-2022-3171, CVE-2022-3509, CVE-2023-43642, CVE-2023-34462, CVE-2023-32731, CVE-2022-3510).

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s): Intelligent Operations Center (IOC)
Version(s): 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4

Remediation/Fixes

Multiple vulnerabilities, with different CVEs and affecting different versions of IBM DB2 for Linux, UNIX and Windows, have been raised.

Download the correct version of the fix pack from the following links, according to your currently installed DB2 version. Installation instructions for the fix are included in the document that is in the fix package.

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)
<https://www.ibm.com/support/pages/node/7078681>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)
<https://www.ibm.com/support/pages/node/7087143>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687)
<https://www.ibm.com/support/pages/node/7087149>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to denial of service under extreme stress conditions. (CVE-2023-40692)
<https://www.ibm.com/support/pages/node/7087157>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.
<https://www.ibm.com/support/pages/node/7087162>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)
<https://www.ibm.com/support/pages/node/7087180>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
<https://www.ibm.com/support/pages/node/7087234>
Versions Affected: 11.1, 11.5

Security Bulletin: IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. (CVE-2023-47701)
<https://www.ibm.com/support/pages/node/7087197>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167)
<https://www.ibm.com/support/pages/node/7087203>
Versions Affected: 11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)
<https://www.ibm.com/support/pages/node/7087207>
Versions Affected: 11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)
<https://www.ibm.com/support/pages/node/7087218>
Versions Affected: 11.1, 11.5

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
<https://www.ibm.com/support/pages/node/7087225>
Versions Affected: 10.5, 11.1, 11.5

Workarounds and Mitigations

None

Affected configurations

Vulners Node
ibm intelligent_operations_center Match 5.1.0
OR
ibm intelligent_operations_center Match 5.1.0.2
OR
ibm intelligent_operations_center Match 5.1.0.3
OR
ibm intelligent_operations_center Match 5.1.0.4
OR
ibm intelligent_operations_center Match 5.1.0.6
OR
ibm intelligent_operations_center Match 5.2
OR
ibm intelligent_operations_center Match 5.2.1
OR
ibm intelligent_operations_center Match 5.2.2
OR
ibm intelligent_operations_center Match 5.2.3
OR
ibm intelligent_operations_center Match 5.2.4
