CVE-2020-4200: 
IBM Db2 vulnerability analysis and mitigation

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 10.5, 11.1, and 11.5 contained a vulnerability that could allow an authenticated attacker to cause a denial of service by sending specially crafted commands. The vulnerability was discovered in December 2019 and was assigned CVE-2020-4200 with IBM X-Force ID: 174914 (MITRE CVE, IBM Security).

The vulnerability has been assigned a CVSS Base score of 6.5 with the vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The attack requires network access and low privilege levels, with no user interaction needed. The scope is unchanged, and while there is no impact on confidentiality or integrity, there is a high impact on availability (IBM Security).

When exploited, this vulnerability allows authenticated users using a JDBC client to send specially crafted commands that can cause DB2 to terminate abnormally, resulting in a denial of service condition (IBM Security).

IBM has released special builds containing interim fixes for all affected versions. The fixes are available based on the most recent fixpack levels: V10.5 FP10, V11.1 FP5, and V11.5 GA. These special builds can be applied to any affected fixpack level of the appropriate release to remediate the vulnerability. No workarounds or alternative mitigations are available (IBM Security).