IBM's Db2 database system is vulnerable. Attackers could, among other things, access data without authorization or overwrite files. Patched versions provide a remedy.
Admins should study the security advisories linked below this article, then find and install the security updates relevant to them. Affected versions include IBM Db2 V9.7, V10.1, V10.5, V11.1 and V11.5 on AIX, HP-UX, Linux, Solaris and Windows.
The most dangerous is the vulnerability with the identifier CVE-2021-29703, classified with the threat level “high”. Here an attacker could paralyze the database server by executing specially crafted SELECT statements.
If the other vulnerabilities are successfully exploited, an authenticated attacker could overwrite files (CVE-2021-4945, “medium”). In addition, unauthorized access to the Db2 configuration is conceivable (CVE-2021-4885, “medium”). Successful exploitation of another vulnerability (CVE-2021-20579, “medium”) could lead to information disclosure. A further vulnerability (CVE-2021-29777, “medium”) could pave the way to a DoS attack.