Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2AB07BBE7F4D6D3D5726D62D886885B8AE4A311F0183F2509574EE5ABE0A303D
HistoryAug 19, 2024 - 7:53 p.m.

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

2024-08-1919:53:01
www.ibm.com
5
ibm db2
ibm websphere remote server
cve-2024-31882
cve-2024-29857
cve-2024-30172
cve-2024-30171
cve-2024-35136
cve-2024-35152
cve-2024-37529

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0

Percentile

16.4%

JSON

Summary

IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2024-31882, CVE-2024-29857, CVE-2024-30172, CVE-2024-30171, CVE-2024-35136, CVE-2024-35152, CVE-2024-37529

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM WebSphere Remote Server 9.1, 9.0, 8.5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now. Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM Db2 which is shipped with IBM WebSphere Remote Server.

Principal Product and Version(s)

|

Affected Supporting Product and Version

|

Affected Supporting Product Security Bulletin

—|—|—

IBM WebSphere Remote Server
9.0, 9.1

|

IBM Db2

11.1, 11.5

|

IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment (CVE-2024-31882)

IBM WebSphere Remote Server
9.0, 9.1

|

IBM Db2

11.5

|

IBM® Db2® is affected by vulnerabilities in the open source bcprov-jdk18on library (CVE-2024-30171, CVE-2024-30172, CVE-2024-29857)

IBM WebSphere Remote Server
8.5, 9.0, 9.1

|

IBM Db2

10.5, 11.1, 11.5

|

IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions (CVE-2024-35136)

IBM WebSphere Remote Server
9.0, 9.1

|

IBM Db2

11.5

|

IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement (CVE-2024-35152)

IBM WebSphere Remote Server
9.0, 9.1

|

IBM Db2

11.1, 11.5

|

IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2024-37529)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphere_remote_serverMatch9.1
OR
ibmwebsphere_remote_serverMatch9.0
OR
ibmwebsphere_remote_serverMatch8.5
VendorProductVersionCPE
ibmwebsphere_remote_server9.1cpe:2.3:a:ibm:websphere_remote_server:9.1:*:*:*:*:*:*:*
ibmwebsphere_remote_server9.0cpe:2.3:a:ibm:websphere_remote_server:9.0:*:*:*:*:*:*:*
ibmwebsphere_remote_server8.5cpe:2.3:a:ibm:websphere_remote_server:8.5:*:*:*:*:*:*:*

Related

ibm 34
redhat 6
nessus 14
cve 7
cvelist 7
vulnrichment 7
osv 31
nvd 7
veracode 3
wolfi 3
debiancve 3
github 3
ubuntucve 3
cgr 3
openvas 3
gitlab 6
atlassian 1
redhatcve 3
oracle 1
ibm
ibm
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
2024-08-28 10:52:21
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
2024-09-12 05:50:58
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker (CVE-2024-29857, CVE-2024-30171 & CVE-2024-30172)
2024-06-17 12:38:07
redhat
redhat
(RHSA-2024:4505) Moderate: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update (RHBQ 3.8.5.GA)
2024-07-11 12:26:39
(RHSA-2024:5145) Important: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
2024-08-08 17:17:22
(RHSA-2024:5143) Important: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
2024-08-08 17:17:16
nessus
nessus
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.3 Security update (Important) (RHSA-2024:5481)
2024-08-15 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.3 Security update (Important) (RHSA-2024:5479)
2024-08-15 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.18 Security update (Important) (RHSA-2024:5144)
2024-08-08 00:00:00
cve
cve
CVE-2024-35152
2024-08-14 18:15:12
CVE-2024-37529
2024-08-14 18:15:12
CVE-2024-35136
2024-08-14 18:15:11
cvelist
cvelist
CVE-2024-31882 IBM Db2 denial of service
2024-08-14 17:46:48
CVE-2024-37529 IBM Db2 denial of service
2024-08-14 17:44:03
CVE-2024-35136 IBM Db2 denial of service
2024-08-14 17:36:09
vulnrichment
vulnrichment
CVE-2024-35136 IBM Db2 denial of service
2024-08-14 17:36:09
CVE-2024-37529 IBM Db2 denial of service
2024-08-14 17:44:03
CVE-2024-35152 IBM Db2 denial of service
2024-08-14 17:40:25
osv
osv
CGA-4ph3-8p4p-wr86
2024-06-06 12:23:43
CGA-xx3m-cg2g-f46r
2024-07-03 00:36:36
CGA-89h2-vv89-63r8
2024-06-06 12:25:12
nvd
nvd
CVE-2024-29857
2024-05-14 15:17:02
CVE-2024-37529
2024-08-14 18:15:12
CVE-2024-31882
2024-08-14 18:15:10
veracode
veracode
Denial Of Service (DoS)
2024-04-25 15:51:36
Observable Discrepancy
2024-04-25 15:52:49
Denial Of Service (DoS)
2024-04-25 15:54:44
wolfi
wolfi
CVE-2024-29857 vulnerabilities
2024-09-17 09:12:43
CVE-2024-30171 vulnerabilities
2024-09-17 09:12:43
CVE-2024-30172 vulnerabilities
2024-09-17 09:12:43
debiancve
debiancve
CVE-2024-30172
2024-05-14 15:21:53
CVE-2024-30171
2024-05-14 15:21:52
CVE-2024-29857
2024-05-14 15:17:02
github
github
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
2024-05-14 15:32:54
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
2024-05-14 15:32:54
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
2024-05-14 15:32:54
ubuntucve
ubuntucve
CVE-2024-30171
2024-05-14 00:00:00
CVE-2024-30172
2024-05-14 00:00:00
CVE-2024-29857
2024-05-14 00:00:00
cgr
cgr
CVE-2024-30171 vulnerabilities
2024-05-19 03:07:16
CVE-2024-30172 vulnerabilities
2024-05-19 03:07:16
CVE-2024-29857 vulnerabilities
2024-05-19 03:07:16
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1539-1)
2024-05-07 00:00:00
openSUSE: Security Advisory for bouncycastle (SUSE-SU-2024:1539-1)
2024-05-13 00:00:00
openSUSE: Security Advisory for bouncycastle (SUSE-SU-2024:1539-2)
2024-06-19 00:00:00
gitlab
gitlab
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
2024-05-14 00:00:00
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
2024-05-14 00:00:00
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
2024-05-14 00:00:00
atlassian
atlassian
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server
2024-08-15 20:11:02
redhatcve
redhatcve
CVE-2024-29857
2024-06-19 03:52:08
CVE-2024-30171
2024-04-22 10:04:51
CVE-2024-30172
2024-06-19 03:20:44
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0

Percentile

16.4%

JSON
Related for 2AB07BBE7F4D6D3D5726D62D886885B8AE4A311F0183F2509574EE5ABE0A303D
ibm34redhat6nessus14cve7cvelist7vulnrichment7osv31nvd7veracode3wolfi3debiancve3github3ubuntucve3cgr3openvas3gitlab6atlassian1redhatcve3oracle1