History: Jun 05, 2024 - 3:47 p.m.

Security Bulletin: Vulnerability in Java affects Tivoli System Automation for Multiplatforms shipped with IBM® Db2® LUW. (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

2024-06-05 15:47:59
www.ibm.com
Tags: java, ibm db2, tsamp, security vulnerabilities, remediation, ibm java sdk

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 42.9%)

Summary

Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms (TSAMP) shipped as a component of IBM Db2.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

TSAMP included in IBM DB2 and DB2 Connect V10.5, V11.1, and V11.5 editions listed below on all platforms:

| Affected Product(s) | Version(s) | Applicable Editions |
|---|---|---|
| IBM® Db2® | 10.5.0 - 10.5.11 | Server |
| IBM® Db2® | 11.1.4 - 11.1.4.7 | Server |
| IBM® Db2® | 11.5.0 - 11.5.9 | Server |

Only users of TSAMP are affected by this vulnerability.

Remediation/Fixes

If you use the TSAMP included with Db2, then obtain the updated and remediated version of TSAMP from Fix Central (v.4 1).

Follow the remediation instructions in Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli System Automation for Multiplatforms.

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm db2 (match 10.5) OR ibm db2 (match 11.1) OR ibm db2 (match 11.5)
