Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8C2FEA04D6A2BF509DCBDFCC27DFB5F2CF3687C7E14C9D2344D41D948A25D6A5
HistorySep 13, 2021 - 12:57 p.m.

Security Bulletin: Multiple vulnerabilities in IBM DB2 affect the IBM Intelligent Operations Center (CVE-2020-4701, CVE-2020-4739)

2021-09-1312:57:10
www.ibm.com
10
ibm db2
ibm intelligent operations center
vulnerabilities
buffer overflow
dll search order hijacking
interim fix

EPSS

0.001

Percentile

29.2%

JSON

Summary

Multiple vulnerabilities have been identified in DB2 11.1 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2020-4701
**DESCRIPTION:**IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187078 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-4739
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188149 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Intelligent Operations Center (IOC) 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1

Remediation/Fixes

The recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical.

Download the IBM Intelligent Operations Center Version 5.2.2 is an upgrade to IBM Intelligent Operations Center Version 5.1 through IBM Intelligent Operations Center Version 5.2 from the following link:

IBM Intelligent Operations Center Version 5.2.2

Installation instructions for the fix are included in the readme document that is in the fix package.

Workarounds and Mitigations

None

Related

ibm 19
prion 2
cve 2
cvelist 2
nvd 2
nessus 5
ibm
ibm
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Emptoris Supplier Lifecycle Mgmt
2021-02-10 08:53:58
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Sourcing
2021-02-10 08:54:48
Security Bulletin: Multiple vulnerabilities in IBM DB2
2021-07-30 05:04:37
prion
prion
Spoofing
2020-11-20 14:15:00
Buffer overflow
2020-11-19 16:15:00
cve
cve
CVE-2020-4739
2020-11-20 14:15:11
CVE-2020-4701
2020-11-19 16:15:10
cvelist
cvelist
CVE-2020-4739
2020-11-20 13:50:14
CVE-2020-4701
2020-11-19 15:15:18
nvd
nvd
CVE-2020-4739
2020-11-20 14:15:11
CVE-2020-4701
2020-11-19 16:15:10
nessus
nessus
IBM DB2 Connect 10.5 < FP11 40479 / 11.1 < FP5 40478 / 11.5 < 11.5.5000.1587 Buffer Overflow (Windows)
2020-12-04 00:00:00
IBM DB2 10.5 < FP11 40479 / 11.1 < FP5 40478 / 11.5 < 11.5.5.0 Buffer Overflow (Unix)
2020-12-04 00:00:00
IBM DB2 10.5 < FP11 40479 / 11.1 < FP5 40478 / 11.5 < 11.5.5000.1587 Buffer Overflow (Windows)
2020-12-04 00:00:00

EPSS

0.001

Percentile

29.2%

JSON
Related for 8C2FEA04D6A2BF509DCBDFCC27DFB5F2CF3687C7E14C9D2344D41D948A25D6A5
ibm19prion2cve2cvelist2nvd2nessus5