Medium Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737).

Security vulnerabilities have been identified in OpenSSL that affect IBM Tivoli Storage FlashCopy Manager (FCM) shipped as a component of IBM Db2.

CVE(s): CVE-2017-3738, CVE-2017-3737

Affected product(s) and affected version(s):

IBM Db2 Advanced Copy Services included in IBM Db2 and Db2 Connect v10.1, v10.5 and v11.1 server editions running on AIX and Linux are affected.

Only users of Db2 Advanced Copy Services (snapshot backup) are affected by this vulnerability. IBM Db2 includes a restricted version of IBM Tivoli Storage FlashCopy Manager (FCM v4.1), which is the version affected by this vulnerability. IBM Db2 Advanced Copy Services used in conjunction with IBM Tivoli Storage FCM 4.1 is affected on all current fix packs of IBM Db2 v10.1, v10.5 and v11.1. AIX installations of Db2 may have this package installed by default, though it may not be in use on the system. FCM is not automatically installed on Linux and other platforms for IBM Db2 v11.1.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10716907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
