CVSS2: 5.8 Medium, AV:N/AC:M/Au:N/C:P/I:P/A:N (Attack Vector: NETWORK; Attack Complexity: MEDIUM; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: NONE)
CVSS3: 8.4 High, CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Attack Vector: LOCAL; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH)
AI Score: 7.9 High (Confidence: High)
EPSS: 0.004 Low (Percentile: 74.9%)
Information about security vulnerabilities affecting IBM DB2 and IBM Java has been published in security bulletins. IBM Security Verify Governance - Identity Manager ships with IBM DB2 and IBM Java SDK.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Governance Identity Manager Container | ISVG 10.0.2 |
IBM Security Verify Governance, Identity Manager software component | ISVG 10.0.2 |
IBM encourages customers to update their systems promptly.
Principal Product and Version(s) | Affected Supporting Product and Version(s) | Affected Supporting Product Security Bulletin |
---|---|---|
ISVG 10.0.2 | Db2 v11.1, V11.5 | Security: IBM® Db2® may be vulnerable to a denial of service when executing a specially crafted ‘Load’ command. (CVE-2022-43929) <https://www.ibm.com/support/pages/node/6953763> |
ISVG 10.0.2 | Db2 v10.5, V11.1, V11.5 | Security: IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. (CVE-2022-43927) <https://www.ibm.com/support/pages/node/6953759> |
ISVG 10.0.2 | Db2 v10.5, V11.1, V11.5 | Security: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577) <https://www.ibm.com/support/pages/node/6953757> |
ISVG 10.0.2 | Db2 v10.5, V11.1, V11.5 [Windows only] | Security: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. (CVE-2022-43930) <https://www.ibm.com/support/pages/node/6953755> |
ISVG 10.0.2 | Db2 v11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308) <https://www.ibm.com/support/pages/node/7105506> |
ISVG 10.0.2 | Db2 v11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-45193) <https://www.ibm.com/support/pages/node/7105501> |
ISVG 10.0.2 | Db2 v11.5 | Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure <https://www.ibm.com/support/pages/node/7105499> |
ISVG 10.0.2 | Db2 v11.5 | Security Bulletin: IBM® Db2® is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. (CVE-2023-47152) <https://www.ibm.com/support/pages/node/7105605> |
ISVG 10.0.2 | Db2 v11.5 | Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141) <https://www.ibm.com/support/pages/node/7105497> |
ISVG 10.0.2 | Db2 v10.5, 11.1, 11.5 | Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47158) <https://www.ibm.com/support/pages/node/7105496> |
ISVG 10.0.2 | Db2 v10.5, 11.1, 11.5 | Security Bulletin: IBM® Db2® is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows (CVE-2023-47145) <https://www.ibm.com/support/pages/node/7105500> |
ISVG 10.0.2 | Db2 v10.5, 11.1, 11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using a specially crafted query (CVE-2023-47747) <https://www.ibm.com/support/pages/node/7105502> |
ISVG 10.0.2 | Db2 v10.5, 11.1, 11.5 | Security Bulletin: IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. (CVE-2023-27859) <https://www.ibm.com/support/pages/node/7105503> |
ISVG 10.0.2 | Db2 v10.5, 11.1, 11.5 | Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used (CVE-2023-47746) <https://www.ibm.com/support/pages/node/7105505> |
ISVG 10.0.2 | Db2 V10.5, V11.1, V11.5 | Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Oct 2023 CPU) <https://www.ibm.com/support/pages/node/7105239> |
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm security verify governance | eq | 10.0.2 |