CVE-2021-20579

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5

Description: The issue allows a user who can create a view or inline SQL function to obtain sensitive information when AUTO REVAL is set to DEFFERED FORCE.

Recommendations: For versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider restricting the ability to create views or inline SQL functions to minimize the risk of exploitation. As a temporary workaround, consider setting AUTO REVAL to a value other than DEFFERED FORCE until a patch is available.