CVSS3 | 7.8 High |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS2 | 7.2 High |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
AV:L/AC:L/Au:N/C:C/I:C/A:C
IBM Db2 is shipped as a pType component of IBM Cloud Pak System and IBM Cloud Pak System Software Suite. Vulnerabilities have been identified in IBM Db2, and information about fixes has been published in security bulletins.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Principal Product and Version(s) | Supporting Product and Version(s) |
---|---|
IBM Cloud Pak System V2.3, V2.3.0.1, V2.3.1.1 | DB2 V10.5, V11.1 |
IBM Cloud Pak System V2.3.2.0 | DB2 V11.5 |
Consult the following security bulletins for IBM Db2 for vulnerability details and information about fixes.
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)
<https://ibm.com/support/pages/node/6242342>
Security Bulletin: IBM® Db2® may be vulnerable to a Denial of Service attack (CVE-2020-4355)
<https://ibm.com/support/pages/node/6242350>
Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363)
<https://ibm.com/support/pages/node/6242332>
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)
<https://ibm.com/support/pages/node/6242356>
Security Bulletin: IBM® Db2® is vulnerable to a denial of service attack (CVE-2020-4420)
<https://ibm.com/support/pages/node/6242362>
Consult the table below for the CVEs and apply the fix to update the DB2 fix packs in virtual system database patterns; refer to:
<https://www.ibm.com/support/knowledgecenter/SSZQFR_2.3.2.0/iwd/mpt_vsys_db2_fixpack_top.html>
CVE(s) | DB2 11.1.x | DB2 11.5.x |
---|---|---|
CVE-2020-4386
CVE-2020-4355
CVE-2020-4363
CVE-2020-4363
CVE-2020-4414
CVE-2020-4420
CPE
Name | Operator | Version |
---|---|---|
ibm cloud pak system | eq | 2.3 |