Jul 24, 2018 9:00 am EDT
Categorized: Medium Severity
Security vulnerabilities have been identified in OpenSSL that affect IBM Tivoli Storage FlashCopy Manager (FCM) shipped as a component of IBM Db2.
CVE(s): CVE-2017-3738, CVE-2017-3737
Affected product(s) and affected version(s):
IBM Db2 Advanced Copy Services included in IBM Db2 and Db2 Connect v10.1, v10.5 and v11.1 server editions running on AIX and Linux are affected.
Only users of Db2 Advanced Copy Services (snapshot backup) are affected by these vulnerabilities. IBM Db2 includes a restricted version of IBM Tivoli Storage FlashCopy Manager, i.e. FCM v4.1, which is the affected version. IBM Db2 Advanced Copy Services used in conjunction with IBM Tivoli Storage FCM 4.1 is affected on all current fix packs of IBM Db2 v10.1, v10.5 and v11.1. AIX installations of Db2 may have this package installed by default, though it may not be in use on the system. FCM is not automatically installed on Linux and other platforms for IBM Db2 v11.1.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10716907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077