Critical Severity

Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data

June 29, 2022

Categorized: Critical Severity

Share this post:

IBM has released the following fix for IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.

CVE(s): CVE-2019-11251, CVE-2019-11252, CVE-2021-25735, CVE-2020-15112, CVE-2018-20699, CVE-2020-8555, CVE-2020-15106, CVE-2020-8552, CVE-2018-1099, CVE-2019-11250, CVE-2020-8565, CVE-2019-11254, CVE-2020-8564, CVE-2020-8551, CVE-2021-41190, CVE-2019-11840, CVE-2021-43784, CVE-2020-8557, CVE-2021-25737, CVE-2020-8559, CVE-2021-31525, CVE-2019-11249, CVE-2020-8554, CVE-2021-25736, CVE-2021-3121, CVE-2021-42248, CVE-2021-27918, CVE-2020-7919, CVE-2018-17848, CVE-2020-9283, CVE-2020-14040, CVE-2018-17846, CVE-2018-1002105, CVE-2018-17142, CVE-2019-11253, CVE-2018-17143, CVE-2020-29652, CVE-2021-33194, CVE-2018-17847, CVE-2020-36067, CVE-2021-42836, CVE-2019-11841, CVE-2021-43565, CVE-2022-27191, CVE-2021-44907, CVE-2017-1002101, CVE-2018-1098, CVE-2020-28852, CVE-2021-20206, CVE-2021-25741, CVE-2017-18367, CVE-2020-27813, CVE-2018-16886, CVE-2021-3538, CVE-2019-11247, CVE-2019-16884, CVE-2020-26160, CVE-2020-15113, CVE-2020-10752, CVE-2021-30465, CVE-2020-28851, CVE-2021-44716

Affected product(s) and affected version(s):

All platforms of the following IBM® Db2® On Openshift fix pack releases and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data refresh levels are affected:

Release Version
IBM® Db2® On Openshift

v11.5.5.0 – v11.5.5.0-cn4
v11.5.5.1  – v11.5.5.1-cn3
v11.5.6.0 – v11.5.6.0-cn5
v11.5.7.0 – v11.5.7.0-cn4
IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data

v3.5 through refresh 10
v4.0 through refresh 9

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6599703
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/168617
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/185780
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199931
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186328
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155499
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/182744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186329
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/178254
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141541
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/166710
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189925
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/178935
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189924
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/178253
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213802
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160943
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214558
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/185301
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202128
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/185302
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202709
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/164768
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192721
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201652
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194539
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/227236
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198075
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/178227
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150633
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/176688
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/184313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150630
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153638
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149973
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/168618
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149972
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/193622
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202644
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150632
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194240
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211919
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160985
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219761
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222162
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222194
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140496
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141542
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194163
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198968
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209533
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160136
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192563
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155498
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202922
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/164767
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/167792
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189408
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186327
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/184792
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202132
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194162
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216553


Previous Post

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2021-35550, CVE-2021-35603)

Next Post

Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Netty (CVE-2022-24823)
More stories

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2022-24765).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to vulnerable to arbitrary code execution in MS Visual Studio, caused by an uncontrolled search for the Git directory in Git (CVE-2022-24765). Git for Visual Studio is used in the base operating system of IBM Watson Speech. Please read the details for remediation below. ...read more

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl (CVE-2020-12723).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl, caused by recursive S_study_chunk calls in regcomp.c (CVE-2020-12723). This could allow a remote attacker to overflow a buffer and execute arbitrary code on the system. Perl is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below. ...read more

Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

August 3, 2022 | Critical Severity

IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used in the web application. Updated Spring library will be shipped in upcoming fix pack. ...read more