Medium Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737).


Security vulnerabilities have been identified in OpenSSL that affect IBM Tivoli Storage FlashCopy Manager (FCM) shipped as a component of IBM Db2.

CVE(s): CVE-2017-3738, CVE-2017-3737

Affected product(s) and affected version(s):

IBM Db2 Advanced Copy Services included in IBM Db2 and Db2 Connect v10.1, v10.5 and v11.1 server editions running on AIX and Linux are affected.

Only users of Db2 Advanced Copy Services (snapshot backup) are affected by this vulnerability. IBM Db2 includes a restricted version of IBM Tivoli Storage FlashCopy Manager, FCM v4.1, which is the version affected by this vulnerability. IBM Db2 Advanced Copy Services used in conjunction with IBM Tivoli Storage FCM 4.1 is affected on all current fix packs of IBM Db2 v10.1, v10.5 and v11.1. AIX installations of Db2 may have this package installed by default, though it may not be in use on the system. FCM is not automatically installed on Linux and other platforms for IBM Db2 v11.1.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10716907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
