IBM 1D84AF56DE8783EE9A8C136F586443FA754AC4CACC93D6BFAD7FD1281CEC26F3
Jun 30, 2023 - 6:43 a.m.

Security Bulletin: IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component has multiple vulnerabilities

2023-06-30 06:43:46
www.ibm.com
ibm security verify governance
identity manager
ibm db2
security bulletin
denial of service
remote code execution
cve-2023-27559
cve-2021-44280
cve-2023-26022
cve-2023-25930
cve-2023-26021
cve-2023-27555
cve-2023-29255
cve-2023-29257

CVSS2: 7.5 High

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.003 Low (Percentile: 71.5%)

Summary

Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. IBM Security Verify Governance, Identity Manager virtual appliance component ships with IBM DB2.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Verify Governance, Identity Manager virtual appliance component | 10.0 |

Remediation/Fixes

IBM encourages customers to update their systems promptly.

| Principal Product and Version(s) | Affected Supporting Product and Version(s) | Affected Supporting Product Security Bulletin |
|---|---|---|
| ISVG 10.0.1 | DB2 V10.5, V11.1, V11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. (CVE-2023-27559) |
| ISVG 10.0.1 | DB2 V10.5, V11.1, V11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. (CVE-2023-26022) |
| ISVG 10.0.1 | DB2 V10.5, V11.1, V11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. (CVE-2023-25930) |
| ISVG 10.0.1 | DB2 V11.1, V11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021) |
| ISVG 10.0.1 | DB2 V11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. (CVE-2023-27555) |
| ISVG 10.0.1 | DB2 V10.5, V11.1, V11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. (CVE-2023-29255) |
| ISVG 10.0.1 | DB2 V10.5, V11.1, V11.5 | Security Bulletin: IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. (CVE-2023-29257) |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm security_identity_manager, Match: 10.0
CPE Name Operator Version
ibm security identity manager eq 10.0
