IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in the security bulletins listed below. The recommended solution is to upgrade to Fix Pack version 11.5.7 on DB2 Server for IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises installations.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Maximo APM - Predictive Maintenance Insights On-Premises | 1.0.3 |
IBM Predictive Maintenance and Quality | All |
Please refer to the security bulletins below for details on the vulnerabilities. The recommended solution is to upgrade to Fix Pack version 11.5.7 on DB2 Server for IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises installations.
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure, exposing remote storage credentials to privileged users under specific conditions. (CVE-2021-29752): <https://www.ibm.com/support/pages/node/6489489>
Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825): <https://www.ibm.com/support/pages/node/6489499>
Security Bulletin: IBM® Db2®, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. (CVE-2021-29763): <https://www.ibm.com/support/pages/node/6489493>