Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2C103E5DEAE1D90891765BFB586E4BC9F32FE90EDF081C609C397369625BB47C
HistoryFeb 11, 2021 - 2:31 p.m.

Security Bulletin: Multiple security vulnerabilities may affect IBM DB2 shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises

2021-02-1114:31:45
www.ibm.com
6

0.001 Low

EPSS

Percentile

29.3%

JSON

Summary

IBM DB2 is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. Information about security vulnerabilities affecting DB2 has been published in multiple security bulletins as below.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo APM - Predictive Maintenance Insights On-Premises 1.0.3
IBM Maximo APM - Predictive Maintenance Insights On-Premises 1.0.3
IBM Predictive Maintenance and Quality 1.0.x
IBM Predictive Maintenance and Quality 2.5.x
IBM Predictive Maintenance and Quality 2.0.x

Remediation/Fixes

IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)
Security Bulletin: <https://www.ibm.com/support/pages/node/6370023&gt;
Affected Releases: v9.1, v10.1, v10.5, v11.1, v11.5

IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)
Security Bulletin: <https://www.ibm.com/support/pages/node/6370025&gt;
Affected Releases: v10.5, v11.1, v11.5

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow local attacker to cause a denial of service inside the “DB2 Management Service”. (CVE-2020-4642)

Security Bulletin: <https://www.ibm.com/support/pages/node/6391652&gt;

Affected Releases: 9.7, 10.1, 10.5, 11.1, 11.5

Please refer to above security bulletins for the detailed fix information.

Workarounds and Mitigations

None

Related

ibm 21
nessus 7
cvelist 3
nvd 3
prion 3
cve 3
ibm
ibm
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform
2021-02-10 08:51:58
Security Bulletin: Multiple vulnerabilities in IBM DB2
2021-07-30 05:04:37
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Contract Management
2021-02-10 08:50:11
nessus
nessus
IBM DB2 Connect 9.7 < 9.7.1100.352 / 10.5 < 10.5.1100.2866 / 11.1 < 11.1.4050.859 / 11.5 < 11.5.5000.1587 DoS (Windows)
2021-01-08 00:00:00
IBM DB2 9.7 < 9.7.1100.352 / 10.5 < 10.5.1100.2866 / 11.1 < 11.1.4050.859 / 11.5 < 11.5.5000.1587 DoS (Windows)
2021-01-08 00:00:00
IBM DB2 Connect 10.5 < FP11 40479 / 11.1 < FP5 40478 / 11.5 < 11.5.5000.1587 Buffer Overflow (Windows)
2020-12-04 00:00:00
cvelist
cvelist
CVE-2020-4739
2020-11-19 00:00:00
CVE-2020-4701
2020-11-18 00:00:00
CVE-2020-4642
2020-12-22 00:00:00
nvd
nvd
CVE-2020-4739
2020-11-20 14:15:11
CVE-2020-4642
2020-12-23 17:15:13
CVE-2020-4701
2020-11-19 16:15:10
prion
prion
Design/Logic Flaw
2020-12-23 17:15:00
Spoofing
2020-11-20 14:15:00
Buffer overflow
2020-11-19 16:15:00
cve
cve
CVE-2020-4739
2020-11-20 14:15:11
CVE-2020-4642
2020-12-23 17:15:13
CVE-2020-4701
2020-11-19 16:15:10

0.001 Low

EPSS

Percentile

29.3%

JSON
Related for 2C103E5DEAE1D90891765BFB586E4BC9F32FE90EDF081C609C397369625BB47C
ibm21nessus7cvelist3nvd3prion3cve3