Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM98C6A149B4D1CA18622C4E588CBF15E42FBE612069D8CB7ACD6A796E8FBA03C5
HistorySep 07, 2023 - 9:37 p.m.

Security Bulletin: Multiple security vulnerabilities Affect IBM Db2 Database Server shipped with IBM OpenPages

2023-09-0721:37:54
www.ibm.com
23
ibm openpages
ibm db2 database server
security vulnerabilities
cve-2023-30447
cve-2023-30446
cve-2023-30443
cve-2023-30448
cve-2023-30445
cve-2023-30449
cve-2023-23487
cve-2023-30431
cve-2023-27869
cve-2023-27867
cve-2023-27868
cve-2023-30442
cve-2023-29256
cve-2023-27558
cve-2023-35012
remediation
ibm openpages with watson
grc platform 8.2
workarounds
mitigations
upgrade

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

52.3%

JSON

Summary

IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM Db2 Database Server has been published in multiple security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)

IBM OpenPages with Watson

|

9.0, 8.3, 8.2

Remediation/Fixes

The IBM Db2 relevant vulnerabilities are CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431, CVE-2023-27869, CVE-2023-27867, CVE-2023-27868, CVE-2023-30442, CVE-2023-29256, CVE-2023-27558 and CVE-2023-35012

Please consult the security bulletins for IBM DB2 Database Server in the Reference section for remediation details.

Principal Product and Version(s) ** **Affected Supporting Product and Version
IBM OpenPages 9.0 IBM DB2 Server 11.5.5
IBM DB2 Server 11.5.8
IBM OpenPages with Watson 8.3 IBM DB2 Server 11.5.5
IBM DB2 Server 11.5.8
IBM OpenPages GRC Platform 8.2 IBM DB2 Server 11.5
IBM DB2 Server 11.1.4.4

For IBM OpenPages GRC Platform 8.0/8.1/8.2 customers, IBM recommends to upgrade to a fixed and supported versions** 8.3 or 9.0** of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmopenpages_with_watsonMatch8.2
OR
ibmopenpages_with_watsonMatch8.3
OR
ibmopenpages_with_watsonMatch9.0

Related

ibm 19
cvelist 14
prion 14
cve 15
nvd 14
cnvd 8
nessus 5
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights
2023-08-18 14:15:30
Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management.
2023-09-13 07:52:16
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
2023-08-09 11:59:04
cvelist
cvelist
CVE-2023-30447 IBM Db2 denial of service
2023-07-08 18:07:15
CVE-2023-30445 IBM Db2 denial of service
2023-07-08 18:28:41
CVE-2023-30442 IBM Db2 denial of service
2023-07-10 00:01:47
prion
prion
Buffer overflow
2023-07-10 16:15:00
Design/Logic Flaw
2023-07-10 16:15:00
Design/Logic Flaw
2023-07-10 16:15:00
cve
cve
CVE-2023-30449
2023-07-10 16:15:52
CVE-2023-30448
2023-07-10 16:15:52
CVE-2023-30443
2023-07-14 17:41:04
nvd
nvd
CVE-2023-35012
2023-07-17 01:15:08
CVE-2023-30446
2023-07-10 16:15:52
CVE-2023-27868
2023-07-10 16:15:50
cnvd
cnvd
IBM DB2 Denial of Service Vulnerability (CNVD-2023-58519)
2023-07-12 00:00:00
IBM DB2 Denial of Service Vulnerability (CNVD-2023-64878)
2023-07-12 00:00:00
IBM DB2 Denial of Service Vulnerability (CNVD-2023-58522)
2023-07-12 00:00:00
nessus
nessus
IBM DB2 Buffer Overflow (7010565) (Windows)
2023-08-03 00:00:00
IBM DB2 DoS (7010561) (Unix)
2023-08-03 00:00:00
IBM DB2 Buffer Overflow (7010565) (Unix)
2023-08-03 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

52.3%

JSON
Related for 98C6A149B4D1CA18622C4E588CBF15E42FBE612069D8CB7ACD6A796E8FBA03C5
ibm19cvelist14prion14cve15nvd14cnvd8nessus5