High Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®.

Share this post:

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.45 and earlier, 7.1.4.45 and earlier, 8.0.5.37 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in July 2019.

CVE(s): CVE-2019-2766, CVE-2019-2816, CVE-2019-2762, CVE-2019-2769, CVE-2019-4473, CVE-2019-11771

Affected product(s) and affected version(s):

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1 and V11.5 editions on all platforms are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1073908
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163829
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163878
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163826
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163832
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163984
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163989

More stories

Security Bulletin: IBM MQ certified container is vulnerable to multiple vulnerabilities within IBM MQ.(CVE-2019-4655, CVE-2019-4560, CVE-2019-4614, CVE-2019-4620)

Feb 26, 2020 7:00 pm EST | High Severity

Multiple vulnerabilities were found within IBM MQ which is packaged with the IBM MQ certified container. ...read more


Security Bulletin: Vulnerability in OpenSLP affects Power Hardware Management Console (CVE-2019-5544)

Feb 26, 2020 7:00 pm EST | High Severity

The opensslp packages provide Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. And is vulnerable by CVE-2019-5544 ...read more


Security Bulletin: IBM MQ certified container is vulnerable to a denial of service vulnerability in golang (CVE-2019-17596)

Feb 26, 2020 7:00 pm EST | High Severity

A vulnerability was discovered in golang which is used to create the control programs used by IBM MQ certified container. ...read more