Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM48F9CBFD1BE08EC84591273755E4E428276DE6598991C694A63B65AAA2761EBF
HistorySep 20, 2021 - 5:22 a.m.

Security Bulletin: IBM Db2 Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-29702)

2021-09-2005:22:58
www.ibm.com
8

0.002 Low

EPSS

Percentile

55.4%

JSON

Summary

An IBM Db2 Server vulnerability affects IBM Emptoris Contract Management.

Vulnerability Details

CVEID:CVE-2021-29702
**DESCRIPTION:**Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200658 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Emptoris Contract Management 10.1.3.x,10.1.1.x, 10.1.0.x

Remediation/Fixes

Product Name Versions affected IBM Emptoris iFix or fix pack certified IBM Db2 remediation patches
IBM Emptoris Contract Management 10.1.0.x 10.1.0.39 <https://www.ibm.com/support/pages/node/6463985&gt;
IBM Emptoris Contract Management 10.1.1.x 10.1.1.36 <https://www.ibm.com/support/pages/node/6463985&gt;
IBM Emptoris Contract Management 10.1.3.x 10.1.3.31 <https://www.ibm.com/support/pages/node/6463985&gt;
Note-
IBM Db2 published security patches for each DB2 supported version to address CVEs raised for IBM Db2 database.
IBM Emptoris qualified those IBM Db2 remediation patches ,mentioned in Column (IBM Db2 remediation patches )on those particular Emptoris fix pack versions mentioned in Column(IBM Emptoris iFix or fix pack certified ).

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html&gt;) to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

17 Sep 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Product”:{“code”:“SSYQ89”,“label”:“Emptoris Contract Management”},“Component”:“”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“10.1.0.x,10.1.1.x,10.1.3.x”,“Edition”:“”,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}}]

Related

ibm 8
cvelist 1
prion 1
nvd 1
cve 1
ibm
ibm
Security Bulletin: IBM Db2 Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-29702)
2021-09-20 05:21:52
Security Bulletin: IBM Db2 Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Mgmt (CVE-2021-29702)
2021-09-20 05:18:43
Security Bulletin: IBM Db2 Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-29702)
2021-09-20 05:17:28
cvelist
cvelist
CVE-2021-29702
2021-06-15 00:00:00
prion
prion
Design/Logic Flaw
2021-06-16 17:15:00
nvd
nvd
CVE-2021-29702
2021-06-16 17:15:07
cve
cve
CVE-2021-29702
2021-06-16 17:15:07

0.002 Low

EPSS

Percentile

55.4%

JSON
Related for 48F9CBFD1BE08EC84591273755E4E428276DE6598991C694A63B65AAA2761EBF
ibm8cvelist1prion1nvd1cve1