Security Bulletin: Multiple GSKit Vulnerabilities in IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203).
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtmedium psirtim
0 Comments | 2,219 Visits
GSKit is an IBM product that is used by IBM DB2 for SSL support. The GSKit that is shipped with DB2 contains multiple security vulnerabilities. By default, DB2 does not use SSL for client-server communication and therefore, DB2 is vulnerable only if SSL is enabled.
CVE(s): CVE-2012-2190 and CVE-2012-2191
Affected product(s): IBM DB2 and DB2 Connect
Affected version(s):9.1, 9.5, 9.7 and 10.1
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21626749
X-Force Database: http://xforce.iss.net/xforce/xfdb/75994 http://xforce.iss.net/xforce/xfdb/75996 http://xforce.iss.net/xforce/xfdb/77280