|
Problem IT37712
|
Status: Closed |
SECURITY: IBM DB2 MAY BE VULNERABLE TO AN INFORMATION DISCLOSURE UNDER CERTAIN CIRCUMSTANCES WITH LOAD UTILITY (CVE-2021-20373)
|
| product: |
DB2 FOR LUW / DB2FORLUW / B50 - DB2 |
| Problem description: |
Under certain circumstances the LOAD utility does not enforce
directory restrictions, resulting in an information disclosure.
See Security Bulletin for details:
https://www.ibm.com/support/pages/node/6523804 |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 11.5 GA to 11.5.6 *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 11.5.7. See Security Bulletin for *
* details. *
**************************************************************** |
| Local Fix: |
|
| Solution |
|
| Workaround |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 11.5 GA to 11.5.6 *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 11.5.7. See Security Bulletin for *
* details. *
**************************************************************** |
| Comment |
The complete fix for this problem first appears in DB2 Version
11.5.7 and all the subsequent Fix Packs. |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 21.07.2021
07.12.2021
08.12.2021 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
