QID 375760

Date Published: 2021-08-05

QID 375760: IBM DB2 Stack-Based Buffer Overflow Vulnerability (January 2021 CPU)

DB2 is a family of data management products, including database servers, developed by IBM.
CVE-2020-27221 - stack based bufferoverflow vulnerability was discovered in IBM DB2.

Affected Version:
DB2 Release v9.7 jdk version prior to 7.0.10.80
DB2 Release V10.1 jdk version prior to 7.0.10.80
DB2 Release V10.5 jdk version prior to 7.0.10.80
DB2 Release V11.1 jdk version prior to 8.0.6.25
DB2 Release V11.5 jdk version prior to 8.0.6.25

QID Detection Logic:(Authenticated)
This QID sends INST_DIR/java/jdk64/bin/./java -version command to check the vulnerable version of Java used by DB2.
Note: use db2 user credentials to scan this qid.

On Successful exploitation a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as High - 7.5 severity.

Solution

The vendor has released multiple fixes. For more information please visit6446277

Vendor References

6446277 - www.ibm.com/support/pages/node/6446277

CVEs related to QID 375760

CVE-2020-27221 |

Software Advisories

Advisory ID	Software	Component	Link
6446277			www.ibm.com/support/pages/node/6446277

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].