History: May 15, 2020 - 11:11 p.m.

Security Bulletin: Vulnerability CVE-2020-4345 in SQL affects IBM i

2020-05-15 23:11:35
www.ibm.com

EPSS: 0
Percentile: 5.1%

Summary

SQL is used on IBM i. IBM i has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2020-4345
**DESCRIPTION:** IBM i users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to.
CVSS Base score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/178318 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM i | 7.4 |
| IBM i | 7.3 |
| IBM i | 7.2 |

Remediation/Fixes

The issue can be fixed by applying a PTF to the IBM i Operating System.
Releases 7.4, 7.3, and 7.2 of IBM i are supported and will be fixed.

The IBM i PTF or Group PTF numbers containing the fix for the CVE follow. Future Group PTFs for Db2 will also contain the fixes for this CVE.

Release 7.2 - SI72600 PTF
Release 7.3 - SF99703 Group PTF level 18
Release 7.4 - SF99704 Group PTF level 7
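
To confirm that a partition has reached the levels listed above, the following queries can be run on the system itself. This is an added example, not part of the IBM bulletin; it assumes the IBM i Services catalog views `QSYS2.GROUP_PTF_INFO` and `QSYS2.PTF_INFO` are available to the user running it.

```sql
-- Added example (not from the bulletin): check the Db2 group PTF levels
-- named above for releases 7.3 (SF99703) and 7.4 (SF99704).
-- A level only counts once PTF_GROUP_STATUS shows it as installed;
-- a group that is merely on the system at a sufficient level but not
-- yet applied does not contain an active fix.
SELECT PTF_GROUP_NAME,
       PTF_GROUP_LEVEL,
       PTF_GROUP_STATUS,
       CASE
         WHEN PTF_GROUP_NAME = 'SF99703' AND PTF_GROUP_LEVEL >= 18
           THEN 'LEVEL INCLUDES FIX'
         WHEN PTF_GROUP_NAME = 'SF99704' AND PTF_GROUP_LEVEL >= 7
           THEN 'LEVEL INCLUDES FIX'
         ELSE 'BELOW FIXED LEVEL'
       END AS CVE_2020_4345_CHECK
  FROM QSYS2.GROUP_PTF_INFO
 WHERE PTF_GROUP_NAME IN ('SF99703', 'SF99704')
 ORDER BY PTF_GROUP_NAME, PTF_GROUP_LEVEL DESC;

-- Release 7.2 is fixed by an individual PTF rather than a group level.
-- No row returned means SI72600 was never loaded on this partition.
SELECT PTF_PRODUCT_ID,
       PTF_IDENTIFIER,
       PTF_LOADED_STATUS
  FROM QSYS2.PTF_INFO
 WHERE PTF_IDENTIFIER = 'SI72600';
```

A status of `SUPERSEDED` on the 7.2 PTF means a later PTF replaced it, so check the superseding PTF's status before treating the system as unpatched.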

_Important note:_ IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed versions of affected products.

Workarounds and Mitigations

None
