First published: Thu Dec 09 2021
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to information disclosure when using the LOAD utility because, under certain circumstances, the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Db2 | =9.7 | |
IBM Db2 | =10.1 | |
IBM Db2 | =10.5 | |
IBM Db2 | =11.1 | |
IBM Db2 | =11.5 | |
HP HP-UX | | |
IBM AIX | | |
Linux Linux kernel | | |
Microsoft Windows | | |
Oracle Solaris | | |
IBM IBM® Db2® | <=9.7.0 - 9.7.11 | |
IBM IBM® Db2® | <=10.1.0 - 10.1.6 | |
IBM IBM® Db2® | <=10.5.0 - 10.5.11 | |
IBM IBM® Db2® | <=11.1.4 - 11.1.4.6 | |
IBM IBM® Db2® | <=11.5.0 - 11.5.7 | |
The severity of CVE-2021-20373 is high with a CVSS score of 7.5.
CVE-2021-20373 may lead to information disclosure when using the LOAD utility in IBM Db2 versions 9.7, 10.1, 10.5, 11.1, and 11.5.
CVE-2021-20373 affects IBM Db2 versions 9.7, 10.1, 10.5, 11.1, and 11.5.
Apply the necessary patch or update provided by IBM to mitigate the vulnerability in IBM Db2.
You can find more information about CVE-2021-20373 on the IBM X-Force website and the IBM support pages.