
Security Bulletin: Security vulnerabilities identified in IBM DB2 used by IBM Security Verify Governance - Identity Manager

Published: 2023-09-05 22:25:18
Source: www.ibm.com
Tags: ibm security verify, db2, vulnerabilities, identity manager, security bulletin, denial of service, remote code execution, information disclosure, privilege escalation, arbitrary code execution

CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low (Percentile: 52.2%)

Summary

IBM Security Verify Governance - Identity Manager supports IBM DB2 database. See this security bulletin for information about multiple vulnerabilities affecting IBM DB2.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s): IBM Security Verify Governance, Identity Manager (software component)

Version(s):

  • ISVG 10.0.0 (All fix packs)
  • ISVG 10.0.1 (All fix packs)

Affected Product(s): IBM Security Verify Governance, Identity Manager (virtual appliance component)

Version(s):

  • ISVG 10.0.0 (All fix packs)
  • ISVG 10.0.1 (All fix packs)

Remediation/Fixes

IBM encourages customers to quickly apply all the fixes to update their systems.

Principal Product and Version(s) Affected:

  • ISVG 10.0.0.X - Identity Manager (All fix packs)
  • ISVG 10.0.1.X - Identity Manager (All fix packs)

Supporting Product and Version(s) Affected:

DB2 versions

  • V10.5
  • V11.1
  • V11.5

Supporting Product Security Bulletin:

  • Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query (<https://www.ibm.com/support/pages/node/7010557>)
  • Security Bulletin: IBM® Db2® is vulnerable to insufficient audit logging. (CVE-2023-23487) (<https://www.ibm.com/support/pages/node/7010567>)
  • Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431) (<https://www.ibm.com/support/pages/node/7010565>)
  • Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868) (<https://www.ibm.com/support/pages/node/7010029>)
  • Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442) (<https://www.ibm.com/support/pages/node/7010561>)
  • Security Bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256) (<https://www.ibm.com/support/pages/node/7010573>)
  • Security Bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558) (<https://www.ibm.com/support/pages/node/7010571>)
  • Security Bulletin: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012) (<https://www.ibm.com/support/pages/node/7010747>)

Workarounds and Mitigations

None

Affected configurations

Vulners

Node: ibmsecurity_identity_manager, Match: 10.0.0.3
