Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights

2023-08-18 14:15:30
www.ibm.com

Tags: ibm db2, ibm operations analytics, predictive insights, vulnerabilities, cves, security bulletin, denial of service, remote code execution, arbitrary code execution, audit logging, information disclosure, privilege escalation

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 52.3%

Summary

There are multiple vulnerabilities in IBM® DB2 used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs (CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431, CVE-2023-27869, CVE-2023-27867, CVE-2023-27868, CVE-2023-30442, CVE-2023-29256, CVE-2023-27558, CVE-2023-35012).

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Operations Analytics Predictive Insights | 1.3.5
IBM Operations Analytics Predictive Insights | 1.3.6

Remediation/Fixes

Please apply the security bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query

Please apply the security bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution

Please apply the security bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution

Please apply the security bulletin: IBM® Db2® is vulnerable to insufficient audit logging

Please apply the security bulletin: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution

Please apply the security bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management

Please apply the security bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper

Please apply the security bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation (if DB2 is deployed on Windows)

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm operations_analytics_predictive_insights, match 1.3.6
