Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6CBBF237A741C91EF7FD3AF9BB8C1B2DADEAF53421022D21E76C0DCF9EA667AA
HistoryDec 10, 2021 - 3:38 p.m.

Security Bulletin: Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2021-29777, CVE-2021-20579, CVE-2021-29703, CVE-2020-4885, CVE-2020-4945)

2021-12-1015:38:59
www.ibm.com
12

0.002 Low

EPSS

Percentile

51.8%

JSON

Summary

The IBM Spectrum Protect Server may be affected by IBM Db2 vulnerabilities such as denial of service, obtaining sensitive information, accessing or changing Db2 configuration, and overwriting arbitrary files.

Vulnerability Details

CVEID:CVE-2021-29777
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203031 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-20579
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199283 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-29703
**DESCRIPTION:**Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200659 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-4885
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190909 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2020-4945
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191945 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Protect Server 8.1.0.000-8.1.12.xxx
7.1.0.000-7.1.13.xxx

Remediation/Fixes

IBM Spectrum Protect Server Release First Fixing VRM Level Platform Link to Fix
8.1 8.1.13 AIX
Linux
Windows <https://www.ibm.com/support/pages/node/6522994&gt;
7.1 7.1.14 AIX
HP-UX
Linux
Solaris
Windows <https://www.ibm.com/support/pages/node/6518990&gt;

Workarounds and Mitigations

None

Related

ibm 22
nessus 5
prion 5
cve 5
cvelist 5
nvd 5
cnvd 3
ibm
ibm
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform
2021-09-20 05:28:14
Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Maximo Asset Management (CVE-2021-20579, CVE-2020-4945, CVE-2021-29777, CVE-2020-4885, CVE-2021-29703)
2021-08-11 17:40:08
Security Bulletin: Multiple IBM Db2 Server Vulnerabilities Affect IBM Emptoris Sourcing
2021-09-20 05:26:05
nessus
nessus
IBM DB2 9.7 < 9.7 / 10.1 < 10.1 / 10.5 < 10.5 / 11.1 < 11.1.4 / 11.5 < 11.5.6 Multiple Vulnerabilities (Unix)
2021-07-08 00:00:00
IBM DB2 9.7 < 9.7 / 10.1 < 10.1 / 10.5 < 10.5 / 11.1 < 11.1.4 / 11.5 < 11.5.6 Multiple Vulnerabilities (Windows)
2021-07-08 00:00:00
IBM DB2 11.5 < 11.5.6 FP0 Multiple Vulnerabilities (UNIX)
2021-07-02 00:00:00
prion
prion
Design/Logic Flaw
2021-06-24 19:15:00
Code injection
2021-06-24 19:15:00
Code injection
2021-06-24 19:15:00
cve
cve
CVE-2021-29777
2021-06-24 19:15:08
CVE-2021-29703
2021-06-24 19:15:08
CVE-2021-20579
2021-06-24 19:15:08
cvelist
cvelist
CVE-2021-29777
2021-06-23 00:00:00
CVE-2021-29703
2021-06-23 00:00:00
CVE-2021-20579
2021-06-23 00:00:00
nvd
nvd
CVE-2021-29777
2021-06-24 19:15:08
CVE-2021-29703
2021-06-24 19:15:08
CVE-2021-20579
2021-06-24 19:15:08
cnvd
cnvd
IBM DB2 Command Injection Vulnerability
2021-07-13 00:00:00
IBM DB2 Information Disclosure Vulnerability (CNVD-2021-99983)
2021-07-13 00:00:00
IBM DB2 Backlink Vulnerability
2021-06-25 00:00:00

0.002 Low

EPSS

Percentile

51.8%

JSON
Related for 6CBBF237A741C91EF7FD3AF9BB8C1B2DADEAF53421022D21E76C0DCF9EA667AA
ibm22nessus5prion5cve5cvelist5nvd5cnvd3