IBM Support

Security Bulletin: IBM i2 Analyze is affected by multiple vulnerabilities in IBM DB2

Security Bulletin


Summary

Deployments of i2 Analyze using DB2 will need to refer to the DB2 Security Bulletins linked below to determine if they are vulnerable and apply fixes as detailed.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)Version(s)
IBM i2 AnalyzeIBM i2 Analyze 4.3.1
IBM i2 AnalyzeIBM i2 Analyze 4.3.0
IBM i2 AnalyzeIBM i2 Analyze 4.3.2

Remediation/Fixes

Security Bulletin: Under special circumstances, Db2 is vulnerable to a denial of service during drop table (CVE-2021-29777)
https://www.ibm.com/support/pages/node/6466373
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure (CVE-2021-20579)
https://www.ibm.com/support/pages/node/6466369
Affected Db2 releases: V9.7, V10.1, V10.5, V11.1, V11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. (CVE-2021-29703)
https://www.ibm.com/support/pages/node/6466371
Affected Db2 releases: V10.1, V10.5, V11.1, V11.5

Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.
https://www.ibm.com/support/pages/node/6466365
Affected Db2 releases: V11.1, V11.5

Security Bulletin: IBM® Db2® could allow a local user to access and change the configuration of DB2 due to a race condition via a symbolic link. (CVE-2020-4885)
https://www.ibm.com/support/pages/node/6466363
Affected Db2 releases: V11.5

Security Bulletin: IBM® Db2® could allow an authenticated user to overwrite arbirary files due to improper group permissions. (CVE-2020-4945)
https://www.ibm.com/support/pages/node/6466367
Affected Db2 releases: V11.5

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

14 Jul 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSXVTH","label":"i2 Analyze"},"Component":"","Platform":[{"code":"PF033","label":"Windows"},{"code":"PF016","label":"Linux"}],"Version":"ALL","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
14 July 2021

UID

ibm16472103

Page Feedback