CVE-2020-4355

Name of the Vulnerable Software and Affected Versions IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5

Description The issue is related to the improper handling of Secure Sockets Layer (SSL) renegotiation requests, which can lead to a denial of service. By sending specially-crafted requests, a remote attacker could exploit this to increase the resource usage on the system. This could potentially allow an attacker to cause a denial of service by sending these requests.

Recommendations For versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider restricting access to the SSL renegotiation functionality until a patch is available. As a temporary workaround, consider disabling the SSL renegotiation feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.