Sep 14, 2020 - 1:07 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Db2 affect IBM Cloud Pak System and IBM Cloud Pak System Software Suite

2020-09-14 13:07:12
www.ibm.com
Tags: ibm, db2, cloud pak system, software suite, vulnerabilities, fixes, security bulletin, cve, information disclosure, denial of service, buffer overflow, privileged escalation, update, mitigations

EPSS: 0.001 (percentile: 47.7%)

Summary

IBM Db2 is shipped as a pType component of IBM Cloud Pak System and IBM Cloud Pak System Software Suite. Vulnerabilities have been identified in IBM Db2, and information about fixes has been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Principal Product and Version(s) | Supporting Product and Version(s) |
| --- | --- |
| IBM Cloud Pak System V2.3, V2.3.0.1, V2.3.1.1 | DB2 V10.5, V11.1 |
| IBM Cloud Pak System V2.3.2.0 | DB2 V11.5 |

Remediation/Fixes

Consult the following security bulletins for IBM Db2 for vulnerability details and information about fixes.

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)
<https://ibm.com/support/pages/node/6242342>

Security Bulletin: IBM® Db2® may be vulnerable to a Denial of Service attack (CVE-2020-4355)
<https://ibm.com/support/pages/node/6242350>

Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363)
<https://ibm.com/support/pages/node/6242332>

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)
<https://ibm.com/support/pages/node/6242356>

Security Bulletin: IBM® Db2® is vulnerable to a denial of service attack (CVE-2020-4420)
<https://ibm.com/support/pages/node/6242362>

Workarounds and Mitigations

Consult the table below for the CVEs and apply the fix. To update DB2 fix packs in virtual system database patterns, refer to:

<https://www.ibm.com/support/knowledgecenter/SSZQFR_2.3.2.0/iwd/mpt_vsys_db2_fixpack_top.html>

| CVE(s) | DB2 11.1.x | DB2 11.5.x |
| --- | --- | --- |
| CVE-2020-4386, CVE-2020-4355, CVE-2020-4363, CVE-2020-4363, CVE-2020-4414, CVE-2020-4420 | Special Build 40159 | DB2 v 11.5 Mod 4 Fixpack 0 |
