Summary
IBM DB2 is shipped as a component of IBM Maximo Asset Management. Information about the security vulnerabilities affecting IBM DB2 has been published in security bulletins.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Products and Versions
These vulnerabilities affect the following versions of the IBM Maximo Asset Management core product. Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.
Maximo Asset Management core product versions affected:
Affected Product(s) | Version(s)
IBM Maximo Asset Management | 7.6.0.x
IBM Maximo Asset Management | 7.6.1.x
IBM Maximo Application Suite | MAS 8.x-Manage 8.x
- To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version.
Please consult the Product Coexistence Matrix for a list of supported product combinations.
Remediation/Fixes
Please consult the following security bulletins for vulnerability details and information about fixes:
Security Bulletin: IBM® Db2® could allow a local user elevated privileges due to allowing modification of columns of existing tasks (CVE-2021-38926)
Security Bulletin: IBM® Db2® is vulnerable to an Information Disclosure as a user with DBADM authority is able to access other databases and read or modify files (CVE-2021-29678)
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure as it uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. (CVE-2021-39002)
Security Bulletin: IBM® Db2® may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. (CVE-2021-20373)
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. (CVE-2021-38931)
Workarounds and Mitigations
None