More information is needed on these Security Integrity Vulnerability red flags PTF's. Explain what these are for and provide details.
CPDAK00 CPDAK00 AC15126 SO15130 GOOD YES SECINT B7.5,T6.6
CPFUK00 CPFUK00 AC15085 SO15086 GOOD YES SECINT B7.5,T6.6
Release : 20.0
Component : CA Database Analyzer for DB2 for z/OS
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response."
BROADCOM PROVIDES THE CVSS BASE AND TEMPORAL SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY IN THEIR SPECIFIC ENVIRONMENT. BROADCOM DOES NOT PROVIDE A CVSS ENVIRONMENT SCORE. THE CVSS ENVIRONMENT SCORE IS CUSTOMER ENVIRONMENT SPECIFIC AND WILL IMPACT THE OVERALL CVSS SCORE. CUSTOMERS SHOULD EVALUATE THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY AND CAN CALCULATE A CVSS ENVIRONMENT SCORE.
The CVSS score and all other information describing the security matter is Broadcom confidential and may be used by you for internal purposes only and may not be disclosed to any third party without Broadcom's prior written consent.
Description: This issue may pertain to users of DB2 UTILITIES with FMID fmid1 [,fmid2] … Note: fmidn denotes the release(s) of a product
CVSS Version: V3
CVSS Base = 7.8
CVSS Temporal = 7.5
CVSS Vector = (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:X/RL:O/RC:C)
Suggested Action: Based on current information, Broadcom believes the applicable
PTFs should be applied to your z/OS system configuration. Please see the HOLDDATA file for the specific PTF numbers for the applicable FMIDs.
Please ensure that you update all of your Broadcom products to a supported version, which you can locate on our MF Release & Support Lifecycle Dates page. Security and integrity fixes are generally only issued for supported versions of Broadcom products