7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.1%
IBM Data Risk Manager (IDRM) 2.0.6.18, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.19. Please see the remediation steps below to apply the fix. All customers are encouraged to act quickly to update their systems.
CVEID:CVE-2023-2454
**DESCRIPTION:**PostgreSQL could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in CREATE SCHEMA … schema_element. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code as the bootstrap superuser on the system.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256215 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2023-2455
**DESCRIPTION:**PostgreSQL could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with row security policies disregard user ID changes after inlining. By sending a specially crafted request, an attacker could exploit this vulnerability to allow incorrect policies to be applied.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256218 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Data Risk Manager | 2.0.6.18 |
IBM encourages customers to update their systems promptly.
To obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.18, and then apply the latest FixPack 2.0.6.19.
Affected Product(s) | Version(s) | Remediation / First Fix |
---|---|---|
IBM Data Risk Manager | 2.0.6.18 | Apply DRM_2.0.6.19_FixPack |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm data risk manager | eq | 2.0.6.18 |
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.1%