Db2 is vulnerable to a denial of service. Db2 could allow an authenticated user to execute a function that would cause the server to crash.
CVEID: CVE-2019-4386
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to execute a function that would cause the server to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162174> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Db2 11.1.4.4 and up on all platforms are affected. Db2 11.1.3.3 iFix 002 and earlier, Db2 10.5, Db2 10.1, and Db2 9.7 are not affected.
The recommended solution is to apply the appropriate fix for this vulnerability.
FIX:
The fix for Db2 V11.1 is in V11.1.4.5, available for download from Fix Central.
Release | Fixed in fix pack | APAR | Download URL |
---|---|---|---|
V11.1 | FP5 | IT29350 | http://www.ibm.com/support/docview.wss?uid=ibm11115973 |
None.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | db2 for linux, unix and windows | eq | 11.1 |