CVE-2021-38926: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 contained a vulnerability that could allow a local user to gain elevated privileges. The vulnerability was discovered in August 2021 and was assigned CVE-2021-38926 (NVD).

The vulnerability stems from the database system allowing modification of columns of existing tasks. It received a CVSS v3.1 Base Score of 5.5 (Medium) with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating local access required, low attack complexity, low privileges required, no user interaction needed, and potential for high impact on integrity (IBM Security Bulletin).

Successful exploitation of this vulnerability could lead to privilege escalation, allowing attackers to gain elevated access to the system. The vulnerability primarily affects the integrity of the system, with no direct impact on confidentiality or availability (NetApp Security).

IBM released fixes for all affected versions through special builds containing interim fixes. The fixes are available for V9.7 FP11, V10.1 FP6, V10.5 FP11, V11.1.4 FP6, and V11.5.5. These can be applied to any affected fixpack level of the appropriate release. For V11.5, the fix was included in version 11.5.7 (IBM Security Bulletin).