Medium Severity

Security Bulletin: IBM® Db2® could allow a local user to read and write specific files due to weak file permissions (CVE-2020-4976)

Share this post:

IBM® Db2® could allow a local user to read and write specific files due to weak file permissions

CVE(s): CVE-2020-4976

Affected product(s) and affected version(s):

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6489495
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192469

More stories

Security Bulletin: Security Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2020 – affect multiple IBM Continuous Engineering products based on IBM Jazz Technology

Dec 1, 2021 7:02 pm EST | Medium Severity

There are multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct 2020 CPU minus CVE-2020-14781 and CVE-2020-14782 and CVE-2020-14782 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Global Configuration Management (GCM). These issues were disclosed as part of the IBM Java SDK updates in Oct 2020. ...read more


Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Netty.io

Dec 1, 2021 7:01 pm EST | Medium Severity

IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Netty.io. ...read more


Security Bulletin: Apache Wink as used by IBM Disconnected Log Collector is vulnerable to an XML External Entity Error (XXE) (CVE-2010-2245)

Dec 1, 2021 7:00 pm EST | Medium Severity

Apache Wink as used by IBM Disconnected Log Collector is vulnerable to an XML External Entity Error (XXE) ...read more