Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4AD0F7347162469AAEF9C8B75DDC1AD1C70D3CC311AC8B66EA59FFF132D09E3E
HistoryJul 08, 2020 - 2:57 p.m.

Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Maximo Asset Management (CVE-2020-4386, CVE-2020-4363, CVE-2020-4420, CVE-2020-4414, CVE-2020-4387 and CVE-2020-4355)

2020-07-0814:57:02
www.ibm.com
8

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

IBM DB2 is shipped as a component of IBM Maximo Asset Management. Information about the security vulnerability affecting IBM DB2 has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

This vulnerability affects the following versions of the IBM Maximo Asset Management core product. Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.

Maximo Asset Management core product versions affected:

Affected Product(s) Version(s)
IBM Maximo Asset Management 7.6.1.0
IBM Maximo Asset Management 7.6.0.10
IBM Maximo Asset Management 7.6.1.1

All other IBM Maximo Industry Solution and IBM Control Desk products, regardless of their own version, that are installed on top of an affected IBM Maximo Asset Management core version are also affected by this vulnerability.

Industry Solutions products affected if using an affected Maximo Asset Management core version:
Maximo for Aviation
Maximo for Life Sciences
Maximo for Nuclear Power
Maximo for Oil and Gas
Maximo for Transportation
Maximo for Utilities

IBM Control Desk products affected if using an affected Maximo Asset Management core version:
SmartCloud Control Desk
IBM Control Desk
Tivoli Integration Composer

  • To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version.

Please consult the Product Coexistence Matrix for a list of supported product combinations.

Remediation/Fixes

Please consult the following security bulletin for vulnerability details and information about fixes:

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)

Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363)

Security Bulletin: IBM® Db2® is vulnerable to a denial of service attack (CVE-2020-4420)

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387)

Security Bulletin: IBM® Db2® may be vulnerable to a Denial of Service attack (CVE-2020-4355)

Workarounds and Mitigations

None

Related

ibm 20
nessus 2
cve 6
prion 6
thn 1
threatpost 1
ibm
ibm
Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt
2020-10-01 06:24:46
Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Program Management
2020-10-01 06:23:11
Security Bulletin: DB2 is affected by multiple vulnerabilities
2020-09-18 11:47:50
nessus
nessus
IBM DB2 9.7 < FP11 40162 / 10.1 < FP6 40161 / 10.5 < FP11 40160 / 11.1 < FP5 40159 / 11.5 < Mod 4 FP0 Multiple Vulnerabilities (UNIX)
2020-07-09 00:00:00
IBM DB2 9.7 < FP11 40162 / 10.1 < FP6 40161 / 10.5 < FP11 40160 / 11.1 < FP5 40159 / 11.5 < Mod 4 FP0 Multiple Vulnerabilities (Windows)
2020-07-09 00:00:00
cve
cve
CVE-2020-4386
2020-07-01 15:15:00
CVE-2020-4414
2020-07-01 15:15:00
CVE-2020-4420
2020-07-01 15:15:00
prion
prion
Code injection
2020-07-01 15:15:00
Buffer overflow
2020-07-01 15:15:00
Race condition
2020-07-01 15:15:00
thn
thn
Experts Reported Security Bug in IBM's Db2 Data Management Software
2020-08-20 11:59:00
threatpost
threatpost
IBM AI-Powered Data Management Software Subject to Simple Exploit
2020-08-20 12:00:39

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for 4AD0F7347162469AAEF9C8B75DDC1AD1C70D3CC311AC8B66EA59FFF132D09E3E
ibm20nessus2cve6prion6thn1threatpost1