An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVEID:CVE-2020-2773
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179673 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
DB2 Query Management Facility for z/OS | 11.2.1 |
DB2 Query Management Facility for z/OS | 12.1 |
Query Management Facility Classic Edition | 11.1 |
DB2 Query Management Facility for z/OS | 12.2 |
Query Management Facility Enterprise Edition | 11.1 |
DB2 Query Management Facility for z/OS | 11.2 |
DB2 Query Management Facility for z/OS | 11.1 |
Please see “Workarounds and Mitigations”
Use the following instructions to download the latest JRE version from the IBM Java download portal and replace it with the JRE you are currently invoking.
Steps to update Java - QMF for Workstation:
Steps to update Java - QMF Vision:
1. Go to: <https://adoptopenjdk.net/releases.html>
2. Download Open JDK 8(LTS) and extract the files to a temporary location.
3. Stop the following Windows services:
- IBM QMF Vision Indexing Service (this will also stop IBM QMF Vision Web Service due to dependencies)
- QMFServerLite
4. Delete
C:\Program Files\IBM\DB2 Query Management Facility\QMF Vision\elasticsearch\java\jre1.8.0_131.
Note: The folder name would be “jre” in case security bulletin reference # 0880785 is already applied.
5. Copy content of downloaded jre from the temporary location (step # 2) to
C:\Program Files\IBM\DB2 Query Management Facility\QMF Vision\elasticsearch\java.
6. Rename folder jre1.8.0_131 to jre.
Note: If the folder in the java folder is already renamed to “jre” via the security bulletin reference #
0880785, then steps 7 through 12 are not required. You can directly go to step 13 and start the relevant
services,
Security bulletin # 0880785 link - <https://www-01.ibm.com/support/docview.wss?uid=ibm10880785>
7. Under C:\Program Files\IBM\DB2 Query Management Facility\QMF Vision, edit the following 6 files:
elasticsearch/bin/install.bat
elasticsearch/bin/start.bat
elasticsearch/bin/stop.bat
elasticsearch/bin/uninstall.bat
qmfserver/bat/setenv.bat
qmfserver/conf/wrapper.conf
For each file, replace “jre1.8.0_131” with “jre”, and save.
8. Open a Windows Command window in Administrator mode and Change directory to elasticsearch/bin.
9. Execute:
uninstall.bat
install.bat
10. Change directory to qmfserver/bat.
11 Execute:
uninstallService.bat
installService.bat.
12. In the Windows Services console, edit “IBM QMF Vision Indexing Service” to change startup type from
“Manual” to “Automatic”.
13. Restart Windows Services:
- IBM QMF Vision Indexing Service
- IBM QMF Vision Web Service
- QMFServerLite