Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825)
Summary IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When using...
Security Bulletin: IBM DB2 used by IBM Security Verify Governance has multiple vulnerabilities
Summary Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. IBM Security Verify Governance components Verify Governance, Identity Manager - Software, Identity Manager - Virtual Appliance, and Identity Manager - Container ship with IBM DB2...
Security Bulletin: IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. (CVE-2023-29257)
Summary IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. Vulnerability Details CVEID: CVE-2023-29257 DESCRIPTION: IBM Db2 is vulnerable to remote code execution as a...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. (CVE-2022-43927)
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. Vulnerability Details CVEID: CVE-2022-43927 DESCRIPTION: IBM Db2 is vulnerable to information disclosure due to improper privilege manageme...
Security Bulletin: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577)
Summary IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. Vulnerability Details CVEID:CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component
Summary Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Security Verify...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389)
Summary IBM® Db2® is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. Vulnerability Details CVEID: CVE-2022-22389 DESCRIPTION: IBM Db2 is vulnerable to a denial of service as the server may terminate...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure, exposing remote storage credentials to privileged users under specific conditions. (CVE-2021-29752)
Summary IBM® Db2® is vulnerable to an information disclosure, exposing remote storage credentials to privileged users under specific conditions. CVE-2021-29752 Vulnerability Details CVEID: CVE-2021-29752 DESCRIPTION: IBM Db2 contains an information disclosure vulnerability, exposing remote storage...
Security Bulletin: Buffer overflow in IBM® Db2® tool db2licm (CVE-2018-1710).
Summary The Db2 tool db2licm is vulnerable to a buffer overflow. Vulnerability Details CVEID: CVE-2018-1710 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code executio...
Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)
Summary IBM Db2 on Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability ...
Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)
Summary IBM Db2 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. Vulnerability Details CVEID: CVE-2020-5025 DESCRIPTION: IBM DB2 db2fm is vulnerable to a buffer overflow,...
Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200).
Summary Db2 is vulnerable to a denial of service. Authenticated users using a JDBC client may send specially crafted commands to cause Db2 to terminate abnormally. Vulnerability Details CVEID: CVE-2020-4200 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server could allow a...
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2020-4230).
Summary IBM Db2 is vulnerable to a privilege escalation. An authenticated local attacker with special permissions can execute specially crafted Db2 commands to modify the owner of stored procedures to SYSIBM, causing a privilege escalation. Vulnerability Details CVEID: CVE-2020-4230 DESCRIPTION:...
CVE-2020-27488
Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...
Azure File Sync Agent v11.1 Release – November 2020 (KB4539951)
Update for Azure File Sync agent version 11.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2019-4587)
Summary Db2 could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unquoted search path in sshdworker.exe. By inserting an arbitrary file in the path, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges...
Security Bulletin: IBM® Db2® is vulnerable to information disclosure (CVE-2019-4524)
Summary Db2 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users, after running LOAD or UPDATE ALERT CFG through the ADMIN_CMD stored procedure. Vulnerability Details CVEID: CVE-2019-4524 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes...
Security Bulletin: Under specialized conditions, IBM® Db2® is vulnerable to denial of service (CVE-2019-4101).
Summary Db2 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. Vulnerability Details CVEID: CVE-2019-4101 DESCRIPTION: DB2 for Linux, UNIX and Windows includes DB2 Connect...
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation to root via malicious use of fenced user (CVE-2019-4057).
Summary When a DB2 instance is created, a "fenced" user is specified to run external stored procedures/user defined functions. Db2 could allow a malicious user with access to the Db2 instance owner account to leverage a fenced execution process to execute arbitrary code as root. This vulnerability...
Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow leading to privilege escalation (CVE-2018-1897).
Summary Db2 is vulnerable to a buffer overflow leading to privilege escalation. Vulnerability Details CVEID: CVE-2018-1897 DESCRIPTION: IBM Db2 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code CVSS...