Lucene search

IBM932BBBA4A9FF09C16060C87746CD4412F9EC3B176111B39C3596FC41AAB53513

HistoryApr 05, 2024 - 10:31 p.m.

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

2024-04-0522:31:02

www.ibm.com

ibm db2

ibm websphere remote server

sensitive information disclosure

denial of service

open source library vulnerability

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

Summary

IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296, CVE-2024-22360

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM WebSphere Remote Server	9.1, 9.0, 8.5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now. Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM Db2 which is shipped with IBM WebSphere Remote Server.

Principal Product and Version(s)

Affected Supporting Product and Version

Affected Supporting Product Security Bulletin

—|—|—

IBM WebSphere Remote Server
8.5, 9.0, 9.1

IBM Db2

10.5, 11.1, 11.5

IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)

IBM WebSphere Remote Server
9.0, 9.5

IBM Db2

11.1, 11.5

IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)

IBM WebSphere Remote Server
9.0

IBM Db2

11.1

IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file (CVE-2024-25030)

IBM WebSphere Remote Server
9.0, 9.1

IBM Db2

11.1, 11.5

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)

IBM WebSphere Remote Server
8.5, 9.0, 9.1

IBM Db2

10.5, 11.1, 11.5

IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)

IBM WebSphere Remote Server
9.0, 9.1

IBM Db2

11.5

IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently (CVE-2023-52296)

IBM WebSphere Remote Server
9.0, 9.1

IBM Db2

11.5

IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmwebsphereMatch9.1

ibmwebsphereMatch9.0

ibmwebsphereMatch8.5

CPENameOperatorVersion
ibm websphere remote servereq9.1
ibm websphere remote servereq9.0
ibm websphere remote servereq8.5

Name	Operator	Version
ibm websphere remote server	eq	9.1
ibm websphere remote server	eq	9.0
ibm websphere remote server	eq	8.5

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for 932BBBA4A9FF09C16060C87746CD4412F9EC3B176111B39C3596FC41AAB53513