Security Bulletin: IBM i2 Analyze is affected by multiple vulnerabilities in IBM DB2

Summary

Deployments of i2 Analyze using DB2 will need to refer to the DB2 Security Bulletins linked below to determine if they are vulnerable and apply fixes as detailed.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

Security Bulletin: Under special circumstances, Db2 is vulnerable to a denial of service during drop table (CVE-2021-29777)
<https://www.ibm.com/support/pages/node/6466373&gt;
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure (CVE-2021-20579)
<https://www.ibm.com/support/pages/node/6466369&gt;
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. (CVE-2021-29703)
<https://www.ibm.com/support/pages/node/6466371&gt;
Affected Db2 releases: V10.1, V10.5, V11.1, V11.5

Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.
<https://www.ibm.com/support/pages/node/6466365&gt;
Affected Db2 releases: V11.1, V11.5

Security Bulletin: IBM® Db2® could allow a local user to access and change the configuration of DB2 due to a race condition via a symbolic link. (CVE-2020-4885)
<https://www.ibm.com/support/pages/node/6466363&gt;
Affected Db2 releases: V11.5

Security Bulletin: IBM® Db2® could allow an authenticated user to overwrite arbirary files due to improper group permissions. (CVE-2020-4945)
<https://www.ibm.com/support/pages/node/6466367&gt;
Affected Db2 releases: V11.5

Workarounds and Mitigations

None