CVE-2020-4420

Name of the Vulnerable Software and Affected Versions IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5

Description The issue is related to errors in resource release, which could allow an unauthenticated attacker to cause a denial of service due to a hang in the execution of a terminate command. This can be exploited by a remote attacker.

Recommendations For versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider temporarily restricting access to the terminate command until a patch is available. As a temporary workaround, consider disabling the execution of the terminate command to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.