Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4161)
Summary
Db2 is vulnerable to a denial of service. Authenticated users can use specific commands on a Db2 server to cause the server to terminate abnormally.
Vulnerability Details
CVEID: CVE-2020-4161
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174341 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
All fix pack levels of IBM Db2 V11.5 editions on all platforms are affected.
Remediation/Fixes
Release | Fixed in fix pack | APAR | Download URL |
V11.5 | TBD | IT31462 | Special Build for V11.5 GA: AIX 64-bit |