
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

2024-04-05 22:31:02
www.ibm.com
ibm db2
ibm websphere remote server
sensitive information disclosure
denial of service
open source library vulnerability

CVSS3: 6.8 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.1 Medium (Confidence: High)

CVSS2: 5 Medium

Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.014 Low (Percentile: 86.5%)

Summary

IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin: CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296, CVE-2024-22360.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM WebSphere Remote Server | 9.1, 9.0, 8.5 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now. Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM Db2, which is shipped with IBM WebSphere Remote Server.

| Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
|---|---|---|
| IBM WebSphere Remote Server 8.5, 9.0, 9.1 | IBM Db2 10.5, 11.1, 11.5 | IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729) |
| IBM WebSphere Remote Server 9.0, 9.5 | IBM Db2 11.1, 11.5 | IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677) |
| IBM WebSphere Remote Server 9.0 | IBM Db2 11.1 | IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file (CVE-2024-25030) |
| IBM WebSphere Remote Server 9.0, 9.1 | IBM Db2 11.1, 11.5 | Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046) |
| IBM WebSphere Remote Server 8.5, 9.0, 9.1 | IBM Db2 10.5, 11.1, 11.5 | IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254) |
| IBM WebSphere Remote Server 9.0, 9.1 | IBM Db2 11.5 | IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently (CVE-2023-52296) |
| IBM WebSphere Remote Server 9.0, 9.1 | IBM Db2 11.5 | IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360) |

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm websphere, match 9.1
OR
ibm websphere, match 9.0
OR
ibm websphere, match 8.5
