IBM Support

Security Bulletin: IBM Db2® Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2®

Security Bulletin


Summary

IBM has released the following fix for IBM Db2® Warehouse in response to multiple vulnerabilities found in IBM Db2®.

Vulnerability Details

CVEID:   CVE-2022-22389
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-22390
DESCRIPTION:   IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)Version(s)
IBM dashDB LocalAll

Remediation/Fixes

Update your implementation to IBM Db2 Warehouse v11.5.7.0-CN5 or later. For information about how to update, see the following topics:

https://www.ibm.com/docs/en/db2-warehouse?topic=warehouse-updating-db2

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

28 Jul 2022: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSRU6J","label":"IBM DashDB Local"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All","Edition":""}]

Document Information

Modified date:
28 July 2022

UID

ibm16607890