Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Published: 2023-07-18 20:54:53
Source: www.ibm.com

CVSS 3.1 base score: 8.8 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH
EPSS: 0.002 (Low), percentile 52.2%

Summary

IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin (CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431, CVE-2023-27869, CVE-2023-27867, CVE-2023-27868, CVE-2023-30442, CVE-2023-29256, CVE-2023-27558, CVE-2023-35012).

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM WebSphere Remote Server | 9.0, 8.5 |

Remediation/Fixes

IBM strongly recommends addressing these vulnerabilities now. Refer to the following security bulletins for vulnerability details and information about the fixes for IBM Db2, which is shipped with IBM WebSphere Remote Server.

| Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
|---|---|---|
| IBM WebSphere Remote Server 8.5, 9.0 | IBM Db2 10.5, 11.1, 11.5 | IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query (CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449) |
| IBM WebSphere Remote Server 9.0 | IBM Db2 11.1, 11.5 | IBM® Db2® is vulnerable to insufficient audit logging. (CVE-2023-23487) |
| IBM WebSphere Remote Server 8.5, 9.0 | IBM Db2 10.5, 11.1, 11.5 | IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431) |
| IBM WebSphere Remote Server 8.5, 9.0 | IBM Db2 10.5, 11.1, 11.5 | IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868) |
| IBM WebSphere Remote Server 9.0 | IBM Db2 11.1, 11.5 | IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442) |
| IBM WebSphere Remote Server 8.5, 9.0 | IBM Db2 10.5, 11.1, 11.5 | IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256) |
| IBM WebSphere Remote Server 8.5, 9.0 | IBM Db2 10.5, 11.1, 11.5 | IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558) |
| IBM WebSphere Remote Server 9.0 | IBM Db2 11.5 | IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012) |

Workarounds and Mitigations

None
