IBM Support

Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.

Security Bulletin


Summary

Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.

Vulnerability Details

CVEID:   CVE-2014-3577
DESCRIPTION:   Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/95327 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2020-27216
DESCRIPTION:   Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190474 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2015-5237
DESCRIPTION:   Google Protocol Buffers could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in MessageLite::SerializeToString. A remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/105989 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2018-11765
DESCRIPTION:   Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in Web interfaces when Kerberos authentication is enabled and SPNEGO through HTTP is disabled. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to access some servlets without authentication.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188908 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2020-11612
DESCRIPTION:   Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a large ZlibEncoded byte stream, a remote attacker could exploit this vulnerability to exhaust memory resources.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180530 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2017-18640
DESCRIPTION:   SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174331 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-7238
DESCRIPTION:   Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling Transfer-Encoding whitespace and a later Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2020-9488
DESCRIPTION:   Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180824 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2018-8088
DESCRIPTION:   SLF4J could allow a remote attacker to bypass security restrictions, caused by an error in org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH. By sending specially-crafted data, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140573 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2020-9489
DESCRIPTION:   Apache Tika is vulnerable to a denial of service, caused by an out of memory error and infinite loop flaw in the ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180712 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-5262
DESCRIPTION:   EasyBuild could allow a remote attacker to obtain sensitive information, caused by storing sensitive information in debug log files. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178229 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

All fix pack levels of IBM Db2  V11.1, and V11.5 editions on all platforms are affected.


Remediation/Fixes

Customers running any vulnerable fixpack level of an affected Program, V11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release:  V11.1.4 FP6, and V11.5.5. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.


ReleaseFixed in fix packAPARDownload URL
V11.1TBDIT36439Special Build for V11.1 FP6:

AIX 64-bit
Linux 32-bit, x86-32
Linux 64-bit, x86-64
Linux 64-bit, POWER™ little endian
Linux 64-bit, System z®, System z9® or zSeries®
Solaris 64-bit, SPARC
Windows 32-bit, x86
Windows 64-bit, x86

V11.5v11.5.6IT36413https://www.ibm.com/support/pages/node/6465915




Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

23 Jun 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF027","label":"Solaris"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"11.5.x, 11.1.x","Edition":""}]

Document Information

Modified date:
23 June 2021

UID

ibm16466365