5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
74.9%
IBM DB2 is used by IBM Application Performance Management.
CVEID:CVE-2022-43929
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted ‘Load’ command. IBM X-Force ID: 241676.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-43927
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241671 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2014-3577
**DESCRIPTION:**Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject’s Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/95327 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID:CVE-2022-43930
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241677 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud APM, Base Private | 8.1.4 |
IBM Cloud APM, Advanced Private | 8.1.4 |
The vulnerabilities can be remediated by first applying the necessary fixes to your DB2 V10.5, V11.1 or DB2 V11.5 server. The fixes can be accessed from the following security bulletins:
Security Bulletin: IBM® Db2® may be vulnerable to a denial of service when executing a specially crafted ‘Load’ command. (CVE-2022-43929)
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. (CVE-2022-43927)
Security Bulletin: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577)
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. (CVE-2022-43930)
To use your updated DB2 V10.5, V11.1 or DB2 V11.5 server with your IBM Cloud Application Performance Management product, apply the 8.1.4.0-IBM-APM-SERVER-IF0004 or later server patch to the system where the Cloud APM server is installed. Interim fixes for the Cloud APM server version 8.1.4 are available to download from IBM Fix Central at this link:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm application performance management | eq | 8.1.3 | |
ibm application performance management | eq | 8.1.4 |
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
74.9%