Vulnerability Name: CVE-2020-4135 (CCN-173806) Assigned: 2019-12-30 Published: 2020-02-18 Updated: 2022-01-01 Summary: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2020-4135 ibm-db2-cve20204135-dos(173806) ibm-db2-cve20204135-dos (173806) https://security.netapp.com/advisory/ntap-20210108-0001/ IBM Db2 is vulnerable to denial of service (CVE-2020-4135). https://www.ibm.com/support/pages/node/2876307 Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200) Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Program Management Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2 One or more security vulnerabilities has been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics (CVE-2020-4230,CVE-2020-4135,CVE-2020-4204,CVE-2020-4200) Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:db2:9.7:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:-:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:-:*:* AND cpe:/o:ibm:aix:-:*:*:*:*:*:*:* OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:* Configuration 2 :cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:db2:9.7:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* AND cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_contract_management:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_sourcing:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_contract_management:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_contract_management:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_program_management:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_program_management:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_program_management:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_server:8.1.0.000:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_server:8.1.9.300:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* BACK
ibm db2 9.7
ibm db2 10.1
ibm db2 10.5
ibm db2 11.1
ibm db2 11.5
ibm aix -
linux linux kernel -
microsoft windows -
netapp oncommand insight -
ibm db2 9.7
ibm db2 9.7
ibm db2 9.7
ibm db2 10.1
ibm db2 10.1
ibm db2 10.1
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm db2 11.5
ibm db2 11.5
ibm db2 11.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.1
ibm db2 10.1
ibm db2 10.1
ibm db2 9.7
ibm db2 9.7
ibm db2 9.7
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm emptoris sourcing 10.1.0
ibm emptoris sourcing 10.1.1
ibm emptoris contract management 10.1.0
ibm emptoris sourcing 10.1.3
ibm monitoring 8.1.4
ibm emptoris contract management 10.1.1
ibm emptoris contract management 10.1.3
ibm emptoris program management 10.1.0
ibm emptoris program management 10.1.1
ibm emptoris program management 10.1.3
ibm emptoris supplier lifecycle management 10.1.0
ibm emptoris supplier lifecycle management 10.1.1
ibm emptoris supplier lifecycle management 10.1.3
ibm emptoris strategic supply management 10.1.0
ibm emptoris strategic supply management 10.1.1
ibm emptoris strategic supply management 10.1.3
ibm spectrum protect server 8.1.0.000
ibm spectrum protect server 8.1.9.300
ibm db2 11.5
ibm db2 11.5
ibm db2 11.5
Denotes that component is vulnerable