Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5CBA0D49E702851A7F671BBD8D685D919A26DDDE81AFB36DE11223D152DBADAE
HistoryMay 17, 2024 - 12:03 p.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager (April 2024)

2024-05-1712:03:54
www.ibm.com
7
ibm security guardium
key lifecycle manager
ibm db2
vulnerability
sensitive information disclosure
boost library
log file

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

Summary

IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium Key Lifecycle Manager 4.0, 4.1, 4.1.1, 4.2, 4.2.1

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.8
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.9

Remediation/Fixes

  1. IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)
Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0 Not Affected
IBM Security Key Lifecycle Manager (SKLM) v4.1
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Key Lifecycle Manager (SKLM) v4.2.1

Please consult following security bulletins from IBM Db2 for more detail:

IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)

  1. IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)

Only GKLM running on Linux platform is impacted.

Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0 Linux
IBM Security Key Lifecycle Manager (SKLM) v4.1 Linux
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Key Lifecycle Manager (SKLM) v4.2.1 Linux

Please consult following security bulletins from IBM Db2 for more detail:

IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)

  1. IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file (CVE-2024-25030)

Only GKLM 4.0 running on Linux platform is impacted.

Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0 Linux
IBM Security Key Lifecycle Manager (SKLM) v4.1 Not Affected
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Key Lifecycle Manager (SKLM) v4.2.1 Not Affetced

Please consult following security bulletins from IBM Db2 for more detail:

IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file (CVE-2024-25030)

  1. IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)
Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0

AIX
Linux
Windows

IBM Security Key Lifecycle Manager (SKLM) v4.1 |

AIX
Linux
Windows

IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Key Lifecycle Manager (SKLM) v4.2.1 |

AIX
Linux
Windows

Please consult following security bulletins from IBM Db2 for more detail:

IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)

  1. IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)
Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0 AIX
Linux
Windows
IBM Security Key Lifecycle Manager (SKLM) v4.1 AIX
Linux
Windows
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Key Lifecycle Manager (SKLM) v4.2.1 AIX
Linux
Windows

Please consult following security bulletins from IBM Db2 for more detail:

IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)

  1. IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently (CVE-2023-52296)
Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0 Not Affected
IBM Security Key Lifecycle Manager (SKLM) v4.1 AIX
Linux
Windows
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Key Lifecycle Manager (SKLM) v4.2.1 AIX
Linux
Windows

Please consult following security bulletins from IBM Db2 for more detail:

IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently (CVE-2023-52296)

  1. IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)
Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0 Not Affetced
IBM Security Key Lifecycle Manager (SKLM) v4.1
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Key Lifecycle Manager (SKLM) v4.2.1

Please consult following security bulletins from IBM Db2 for more detail:

IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardium_key_lifecycle_managerMatch4.0
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.1
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.1.1
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.2
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.2.1
OR
ibmsecurity_key_lifecycle_managerMatch4.0
OR
ibmsecurity_key_lifecycle_managerMatch4.1
OR
ibmsecurity_key_lifecycle_managerMatch4.1.1
OR
ibmsecurity_key_lifecycle_managerMatch4.2
OR
ibmsecurity_key_lifecycle_managerMatch4.2.1

Related

ibm 12
nessus 18
cve 7
cvelist 7
vulnrichment 2
nvd 7
f5 2
openvas 12
prion 1
redhat 1
veracode 1
centos 1
ubuntucve 1
oraclelinux 1
gentoo 1
ibm
ibm
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
2024-04-05 22:31:02
Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.
2024-04-05 08:23:20
Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by ISVG - Identity Manager have multiple vulnerabilities
2024-04-17 07:17:22
nessus
nessus
IBM DB2 Multiple Vulnerabilities (7145722, 7145730) (Unix)
2024-06-07 00:00:00
IBM DB2 Multiple Vulnerabilities (7145722, 7145730) (Windows)
2024-06-07 00:00:00
IBM DB2 Multiple Vulnerabilities (7145721, 7145727) (Windows)
2024-06-07 00:00:00
cve
cve
CVE-2024-25030
2024-04-03 13:16:01
CVE-2023-38729
2024-04-03 13:16:00
CVE-2024-25046
2024-04-03 13:16:01
cvelist
cvelist
CVE-2023-38729 IBM Db2 for Linux, UNIX and Windows information disclosure
2024-04-03 12:27:36
CVE-2024-25030
2024-04-03 12:14:19
CVE-2024-27254 IBM Db2 for Linux, UNIX and Windows denial of service
2024-04-03 12:24:05
vulnrichment
vulnrichment
CVE-2024-27254 IBM Db2 for Linux, UNIX and Windows denial of service
2024-04-03 12:24:05
CVE-2023-52296 IBM Db2 for Linux, UNIX and Windows denial of service
2024-04-03 12:30:40
nvd
nvd
CVE-2024-27254
2024-04-03 13:16:02
CVE-2024-25030
2024-04-03 13:16:01
CVE-2023-52296
2024-04-03 13:16:00
f5
f5
SOL16946 - Boost memory allocator vulnerability CVE-2012-2677
2015-07-10 00:00:00
K16946 : Boost memory allocator vulnerability CVE-2012-2677
2015-09-15 00:00:00
openvas
openvas
CentOS Update for boost CESA-2013:0668 centos5
2013-03-22 00:00:00
Oracle: Security Advisory (ELSA-2013-0668)
2015-10-06 00:00:00
RedHat Update for boost RHSA-2013:0668-01
2013-03-22 00:00:00
prion
prion
Integer overflow
2012-07-25 19:55:00
redhat
redhat
(RHSA-2013:0668) Moderate: boost security update
2013-03-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:00:37
centos
centos
boost security update
2013-03-21 19:01:31
ubuntucve
ubuntucve
CVE-2012-2677
2012-07-25 00:00:00
oraclelinux
oraclelinux
boost security update
2013-03-21 00:00:00
gentoo
gentoo
Boost: Buffer overflow
2021-05-26 00:00:00

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON
Related for 5CBA0D49E702851A7F671BBD8D685D919A26DDDE81AFB36DE11223D152DBADAE
ibm12nessus18cve7cvelist7vulnrichment2nvd7f52openvas12prion1redhat1veracode1centos1ubuntucve1oraclelinux1gentoo1