Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Maximo Asset Management (CVE-2021-29702)

Summary

IBM DB2 is shipped as a component of IBM Maximo Asset Management. Information about the security vulnerability affecting IBM DB2 has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

This vulnerability affects the following versions of the IBM Maximo Asset Management core product. Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.

Maximo Asset Management core product versions affected:

• To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version.

Please consult the Product Coexistence Matrix for a list of supported product combinations.

Remediation/Fixes

Please consult the following security bulletin for vulnerability details and information about fixes:

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specifically crafted select statement. (CVE-2021-29702)

Workarounds and Mitigations

None