Medium Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737).

Security vulnerabilities have been identified in OpenSSL that affect IBM Tivoli Storage FlashCopy Manager (FCM) shipped as a component of IBM Db2.

CVE(s): CVE-2017-3738, CVE-2017-3737

Affected product(s) and affected version(s):

IBM Db2 Advanced Copy Services included in IBM Db2 and Db2 Connect v10.1, v10.5 and v11.1 server editions running on AIX and Linux are affected.

Only users of Db2 Advanced Copy Services (snapshot backup) are affected by this vulnerability. IBM Db2 includes a restricted version of IBM Tivoli Storage FlashCopy Manager, i.e. FCM v4.1, which is the version affected by this vulnerability. IBM Db2 Advanced Copy Services used in conjunction with IBM Tivoli Storage FCM 4.1 is affected on all current fix packs of IBM Db2 v10.1, v10.5 and v11.1. AIX installations of Db2 may have this package installed by default, though it may not be in use on the system. FCM is not automatically installed on Linux and other platforms for IBM Db2 v11.1.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10716907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
