Jul 25, 2023 - 11:02 a.m.

Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Intelligent Operations Center (CVEs - Remediation/Fixes)

www.ibm.com

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 52.2%

Summary

IBM DB2 is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s): Intelligent Operations Center (IOC)
Version(s): All

Remediation/Fixes

Download the fix that matches your currently installed DB2 version from the following links. Installation instructions for the fix are included in the document that is in the fix package.

Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query (https://www.ibm.com/support/pages/node/7010557)

Security Bulletin: IBM® Db2® is vulnerable to insufficient audit logging. (CVE-2023-23487) (https://www.ibm.com/support/pages/node/7010567)

Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431) (https://www.ibm.com/support/pages/node/7010565)

Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868) (https://www.ibm.com/support/pages/node/7010029)

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442) (https://www.ibm.com/support/pages/node/7010561)

Security Bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256) (https://www.ibm.com/support/pages/node/7010573)

Security Bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558) (https://www.ibm.com/support/pages/node/7010571)

Security Bulletin: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012) (https://www.ibm.com/support/pages/node/7010747)

Workarounds and Mitigations

None

Affected configurations

Node: ibm intelligent_operations_center
Match: any
