Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB5A80FD23109C6F5FA566F55313D268016E6AF45B6AEA40A043FD0ED630D8848
HistorySep 12, 2024 - 5:50 a.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

2024-09-1205:50:58
www.ibm.com
2
ibm db2
security bulletin
vulnerabilities
ibm security guardium
key lifecycle manager

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

High

JSON

Summary

IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium Key Lifecycle Manager 4.0, 4.1, 4.1.1, 4.2, 4.2.1

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.8
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2.1 | IBM Db2 11.5.9

Remediation/Fixes

  1. Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment (CVE-2024-31882) - GKLM/SKLM is not affected

  2. Security Bulletin: IBM® Db2® is affected by vulnerabilities in the open source bcprov-jdk18on library (CVE-2024-30171, CVE-2024-30172, CVE-2024-29857)

Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0

Please consult following security bulletins from IBM Db2 for more detail:

Security Bulletin: IBM® Db2® is affected by vulnerabilities in the open source bcprov-jdk18on library (CVE-2024-30171, CVE-2024-30172, CVE-2024-29857)

IBM Security Key Lifecycle Manager (SKLM) v4.1
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2.1

  1. Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions (CVE-2024-35136)
Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0

Please consult following security bulletins from IBM Db2 for more detail:

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions (CVE-2024-35136)

IBM Security Key Lifecycle Manager (SKLM) v4.1
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2.1

  1. Security Bulletin: IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement (CVE-2024-35152)
Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0

Please consult following security bulletins from IBM Db2 for more detail:

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement (CVE-2024-35152)

IBM Security Key Lifecycle Manager (SKLM) v4.1
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2.1

  1. Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2024-37529)
Principal Product and Version(s) Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v4.0

Please consult following security bulletins from IBM Db2 for more detail:

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2024-37529)

IBM Security Key Lifecycle Manager (SKLM) v4.1
IBM Security Key Lifecycle Manager (SKLM) v4.1.1
IBM Security Key Lifecycle Manager (SKLM) v4.2
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2.1

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardium_key_lifecycle_managerMatch4.0
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.1
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.1.1
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.2
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.2.1
VendorProductVersionCPE
ibmsecurity_guardium_key_lifecycle_manager4.0cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.0:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.1.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.2cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.2.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*

Related

ibm 35
redhat 12
nessus 14
cve 7
cvelist 7
vulnrichment 7
nvd 7
osv 31
atlassian 3
debiancve 3
github 3
veracode 3
wolfi 3
ubuntucve 3
openvas 3
cgr 3
gitlab 6
redhatcve 3
oracle 1
ibm
ibm
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
2024-08-19 19:53:01
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
2024-08-28 10:52:21
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker (CVE-2024-29857, CVE-2024-30171 & CVE-2024-30172)
2024-06-17 12:38:07
redhat
redhat
(RHSA-2024:4505) Moderate: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update (RHBQ 3.8.5.GA)
2024-07-11 12:26:39
(RHSA-2024:4326) Moderate: Red Hat build of Quarkus 3.8.5 release and security update
2024-07-08 14:10:09
(RHSA-2024:5481) Important: Red Hat JBoss Enterprise Application Platform 8.0.3 Security update
2024-08-15 20:05:28
nessus
nessus
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.3 Security update (Important) (RHSA-2024:5481)
2024-08-15 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.3 Security update (Important) (RHSA-2024:5479)
2024-08-15 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.18 Security update (Important) (RHSA-2024:5144)
2024-08-08 00:00:00
cve
cve
CVE-2024-35152
2024-08-14 18:15:12
CVE-2024-37529
2024-08-14 18:15:12
CVE-2024-35136
2024-08-14 18:15:11
cvelist
cvelist
CVE-2024-31882 IBM Db2 denial of service
2024-08-14 17:46:48
CVE-2024-37529 IBM Db2 denial of service
2024-08-14 17:44:03
CVE-2024-35136 IBM Db2 denial of service
2024-08-14 17:36:09
vulnrichment
vulnrichment
CVE-2024-35136 IBM Db2 denial of service
2024-08-14 17:36:09
CVE-2024-37529 IBM Db2 denial of service
2024-08-14 17:44:03
CVE-2024-35152 IBM Db2 denial of service
2024-08-14 17:40:25
nvd
nvd
CVE-2024-37529
2024-08-14 18:15:12
CVE-2024-31882
2024-08-14 18:15:10
CVE-2024-29857
2024-05-14 15:17:02
osv
osv
CGA-4ph3-8p4p-wr86
2024-06-06 12:23:43
CGA-89h2-vv89-63r8
2024-06-06 12:25:12
CGA-xx3m-cg2g-f46r
2024-07-03 00:36:36
atlassian
atlassian
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and Server
2024-08-15 20:11:09
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server
2024-08-15 20:11:02
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Crowd Data Center and Server
2024-08-15 20:11:00
debiancve
debiancve
CVE-2024-30172
2024-05-14 15:21:53
CVE-2024-30171
2024-05-14 15:21:52
CVE-2024-29857
2024-05-14 15:17:02
github
github
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
2024-05-14 15:32:54
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
2024-05-14 15:32:54
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
2024-05-14 15:32:54
veracode
veracode
Denial Of Service (DoS)
2024-04-25 15:51:36
Denial Of Service (DoS)
2024-04-25 15:54:44
Observable Discrepancy
2024-04-25 15:52:49
wolfi
wolfi
CVE-2024-29857 vulnerabilities
2024-09-19 03:12:25
CVE-2024-30171 vulnerabilities
2024-09-19 03:12:25
CVE-2024-30172 vulnerabilities
2024-09-19 03:12:25
ubuntucve
ubuntucve
CVE-2024-30171
2024-05-14 00:00:00
CVE-2024-30172
2024-05-14 00:00:00
CVE-2024-29857
2024-05-14 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1539-1)
2024-05-07 00:00:00
openSUSE: Security Advisory for bouncycastle (SUSE-SU-2024:1539-2)
2024-06-19 00:00:00
openSUSE: Security Advisory for bouncycastle (SUSE-SU-2024:1539-1)
2024-05-13 00:00:00
cgr
cgr
CVE-2024-30171 vulnerabilities
2024-05-19 03:07:16
CVE-2024-30172 vulnerabilities
2024-05-19 03:07:16
CVE-2024-29857 vulnerabilities
2024-05-19 03:07:16
gitlab
gitlab
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
2024-05-14 00:00:00
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
2024-05-14 00:00:00
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
2024-05-14 00:00:00
redhatcve
redhatcve
CVE-2024-30171
2024-04-22 10:04:51
CVE-2024-29857
2024-06-19 03:52:08
CVE-2024-30172
2024-06-19 03:20:44
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

High

JSON
Related for B5A80FD23109C6F5FA566F55313D268016E6AF45B6AEA40A043FD0ED630D8848
ibm35redhat12nessus14cve7cvelist7vulnrichment7nvd7osv31atlassian3debiancve3github3veracode3wolfi3ubuntucve3openvas3cgr3gitlab6redhatcve3oracle1