Jan 22, 2024 - 9:30 a.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.

2024-01-22 09:30:04
www.ibm.com

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 High (Confidence: Low)

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 34.1%)

Summary

Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193, CVE-2023-50308, 268195).

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s) | Version(s)
Intelligent Operations Center (IOC) | 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4

Remediation/Fixes

Multiple vulnerabilities, with different CVEs and affecting different versions of IBM DB2 for Linux, UNIX and Windows, have been raised.

Download the correct version of the fix pack from the following links according to your currently installed DB2 version. Installation instructions for the fix are included in the document that is in the fix package.

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47158)
<https://www.ibm.com/support/pages/node/7105496>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows (CVE-2023-47145)
<https://www.ibm.com/support/pages/node/7105500>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using a specially crafted query (CVE-2023-47747)
<https://www.ibm.com/support/pages/node/7105502>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. (CVE-2023-27859)
<https://www.ibm.com/support/pages/node/7105503>
Versions Affected: 10.1, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used (CVE-2023-47746)
<https://www.ibm.com/support/pages/node/7105505>
Versions Affected: 10.5, 11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. (CVE-2023-47152)
<https://www.ibm.com/support/pages/node/7105605>

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141)
<https://www.ibm.com/support/pages/node/7105497>
Versions Affected: 11.5

Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure
<https://www.ibm.com/support/pages/node/7105499>
Versions Affected: 11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-45193)
<https://www.ibm.com/support/pages/node/7105501>
Versions Affected: 11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)
<https://www.ibm.com/support/pages/node/7105506>
Versions Affected: 11.5

Workarounds and Mitigations

None
