7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
42.9%
Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms (TSAMP) shipped as a component of IBM Db2.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
TSAMP included in IBM DB2 and DB2 Connect V10.5, V11.1, and V11.5 editions listed below on all platforms:
Affected Product(s) | Version(s) | Applicable Editions |
---|---|---|
IBM® Db2® |
10.5.0 - 10.5.11
|
Server
IBM® Db2®|
11.1.4 - 11.1.4.7
|
Server
IBM® Db2®|
11.5.0 - 11.5.9
|
Server
Only users of TSAMP are affected by this vulnerability.
If you use the TSAMP included with Db2, then obtain the updated and remediated version of TSAMP from Fix Central (v.4 1).
Follow the remediation instructions in Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli System Automation for Multiplatforms.
IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.
None
CPE | Name | Operator | Version |
---|---|---|---|
db2 for linux, unix and windows | eq | 10.5 | |
db2 for linux, unix and windows | eq | 11.1 | |
db2 for linux, unix and windows | eq | 11.5 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
42.9%