Medium Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737).

Security vulnerabilities have been identified in OpenSSL that affect IBM Tivoli Storage FlashCopy Manager (FCM) shipped as a component of IBM Db2.

CVE(s): CVE-2017-3738, CVE-2017-3737

Affected product(s) and affected version(s):

IBM Db2 Advanced Copy Services included in IBM Db2 and Db2 Connect v10.1, v10.5 and v11.1 server editions running on AIX and Linux are affected.

Only users of Db2 Advanced Copy Services (snapshot backup) are affected by this vulnerability. IBM Db2 includes a restricted version of IBM Tivoli Storage FlashCopy Manager, namely FCM v4.1, which is the version affected by this vulnerability. IBM Db2 Advanced Copy Services in conjunction with IBM Tivoli Storage FCM 4.1 is affected on all current fix packs of IBM Db2 v10.1, v10.5 and v11.1. AIX installations of Db2 may have this package installed by default, though it may not be in use on the system. FCM is not automatically installed on Linux and other platforms for IBM Db2 v11.1.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10716907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
