Security Bulletin: IBM i2 Analyze is affected by multiple DB2 vulnerabilities

Summary

DB2 has multiple security vulnerabilities. DB2 users should refer to the linked DB2 security bulletins to determine is remediation is required.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024)
<https://www.ibm.com/support/pages/node/6427861&gt;
Affected Releases: v9.1, v10.1, v10.5, v11.1, v11.5

Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)
<https://www.ibm.com/support/pages/node/6427855&gt;
Affected Releases: v9.1, v10.1, v10.5, v11.1, v11.5

Security Bulletin: IBM® Db2® is vulnerable to weak file permissions allowing access to specific files (CVE-2020-4976)
<https://www.ibm.com/support/pages/node/6427859&gt;
Affected Releases: v9.1, v10.1, v10.5, v11.1, v11.5

Workarounds and Mitigations

None