9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
DB2 LUW is affected by a vulnerability in IBM® Spectrum Scale Version V4.2 and V4.1 that is used by DB2® pureScale™ Feature on AIX and Linux. IBM Spectrum Scale is previously known as General Parallel File System (GPFS).
CVEID: CVE-2018-1431 DESCRIPTION: A vulnerability in GSKit affects IBM Spectrum Scale that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139240> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139972> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2017-3732 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
All fix pack levels of IBM Db2 V10.5, and V11.1 editions on all Unix-type platforms are affected. Windows platforms are not affected.
Customers running any vulnerable fixpack level of an affected Program, V10.5 and V11.1, can contact IBM technical support to obtain the Spectrum Scale security package update. Before installing the Spectrum Scale security package, the DB2 level might need to be upgraded to the level that includes the supported Spectrum Scale level. Do not attempt to upgrade Spectrum Scale by any other means. The table below lists the DB2 releases and the Spectrum Scale security package to request from IBM technical support.
DB2 Release | Obtain following from IBM technical support: |
---|---|
10.5 AIX 64-bit |
U881200.gpfs.gskit.bff
10.5 Linux 64-bit, x86-64 |
gpfs.gskit-8.0.50-86.x86_64.rpm
10.5 Linux 64-bit, POWER™ little endian |
gpfs.gskit-8.0.50-86.ppc64le.rpm
11.1 AIX 64-bit |
U881200.gpfs.gskit.bff
11.1 Linux 64-bit, x86-64 |
gpfs.gskit-8.0.50-86.x86_64.rpm
11.1 Linux 64-bit, POWER™ little endian |
gpfs.gskit-8.0.50-86.ppc64le.rpm
The Spectrum Scale security package upgrade instructions are available here: <https://www-01.ibm.com/support/docview.wss?uid=ibm10731637>
None.
CPE | Name | Operator | Version |
---|---|---|---|
db2 for linux, unix and windows | eq | 10.5 | |
db2 for linux, unix and windows | eq | 11.1 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C