High Severity
Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)
Nov 30, 2020 7:00 pm EST
IBM Db2 on Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Affected product(s) and affected version(s):
All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on Windows are affected. Linux and Unix are not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6370023