Deployments of i2 Analyze using DB2 will need to refer to the DB2 Security Bulletins linked below to determine if they are vulnerable and apply fixes as detailed.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM i2 Analyze | IBM i2 Analyze 4.3.1 |
IBM i2 Analyze | IBM i2 Analyze 4.3.0 |
IBM i2 Analyze | IBM i2 Analyze 4.3.2 |
Security Bulletin: Under special circumstances, Db2 is vulnerable to a denial of service during drop table (CVE-2021-29777)
<https://www.ibm.com/support/pages/node/6466373>
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure (CVE-2021-20579)
<https://www.ibm.com/support/pages/node/6466369>
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. (CVE-2021-29703)
<https://www.ibm.com/support/pages/node/6466371>
Affected Db2 releases: V10.1, V10.5, V11.1, V11.5
Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.
<https://www.ibm.com/support/pages/node/6466365>
Affected Db2 releases: V11.1, V11.5
Security Bulletin: IBM® Db2® could allow a local user to access and change the configuration of DB2 due to a race condition via a symbolic link. (CVE-2020-4885)
<https://www.ibm.com/support/pages/node/6466363>
Affected Db2 releases: V11.5
Security Bulletin: IBM® Db2® could allow an authenticated user to overwrite arbirary files due to improper group permissions. (CVE-2020-4945)
<https://www.ibm.com/support/pages/node/6466367>
Affected Db2 releases: V11.5
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm i2 analyze ibm i2 analyze | eq | 4.3.1 | |
ibm i2 analyze ibm i2 analyze | eq | 4.3.0 | |
ibm i2 analyze ibm i2 analyze | eq | 4.3.2 |