
DB2 Tools information on the Security Vulnerability PTFs for PDA and PFU


Article ID: 202417


Products

Database Analyzer for DB2 for z/OS
Fast Unload for DB2 for z/OS
Fast Check for DB2 for z/OS
Fast Index for DB2 for z/OS
Rapid Reorg for DB2 for z/OS

Issue/Introduction

More information is needed on these Security Integrity Vulnerability red-flag PTFs. Explain what they are for and provide details.

CPDAK00  CPDAK00  AC15126  SO15130  GOOD   YES        SECINT  B7.5,T6.6
CPFUK00  CPFUK00  AC15085  SO15086  GOOD   YES        SECINT  B7.5,T6.6

 

Environment

Release : 20.0

Component : CA Database Analyzer for DB2 for z/OS

Resolution

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response."

BROADCOM PROVIDES THE CVSS BASE AND TEMPORAL SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY IN THEIR SPECIFIC ENVIRONMENT. BROADCOM DOES NOT PROVIDE A CVSS ENVIRONMENT SCORE. THE CVSS ENVIRONMENT SCORE IS CUSTOMER ENVIRONMENT SPECIFIC AND WILL IMPACT THE OVERALL CVSS SCORE. CUSTOMERS SHOULD EVALUATE THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY AND CAN CALCULATE A CVSS ENVIRONMENT SCORE.

The CVSS score and all other information describing the security matter is Broadcom confidential and may be used by you for internal purposes only and may not be disclosed to any third party without Broadcom's prior written consent.

Description: This issue may pertain to users of DB2 UTILITIES with FMID fmid1 [,fmid2] … Note: fmidn denotes the release(s) of a product

CVSS Version: V3

CVSS Base = 7.8

CVSS Temporal = 7.5

CVSS Vector = (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:X/RL:O/RC:C)



Suggested Action: Based on current information, Broadcom believes the applicable PTFs should be applied to your z/OS system configuration. Please see the HOLDDATA file for the specific PTF numbers for the applicable FMIDs.

Please ensure that you update all of your Broadcom products to a supported version, which you can locate on our MF Release & Support Lifecycle Dates page. Security and integrity fixes are generally only issued for supported versions of Broadcom products.