Apr 05, 2024 - 8:23 a.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.

www.ibm.com

CVSS3: 6.8 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.7 Medium (Confidence: High)

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.014 Low (Percentile: 86.5%)

Summary

IBM DB2 is shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin (CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296, CVE-2024-22360).

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s): Intelligent Operations Center (IOC)
Version(s): V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, V5.1.0.6, V5.1.0.7, V5.1.0.8, V5.1.0.9, V5.1.0.10, V5.1.0.11, V5.1.0.12, V5.1.0.13, V5.1.0.14, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4

Remediation/Fixes

Multiple vulnerabilities, with different CVEs and affecting different versions of IBM DB2 for Linux, UNIX and Windows, have been raised.

Download the fix pack that matches your currently installed DB2 version from the following links. Installation instructions for the fix are included in the document that is in the fix package.

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)
<https://www.ibm.com/support/pages/node/7145721>
Versions Affected: V10.5, v11.1 and V11.5

Security Bulletin: IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)
<https://www.ibm.com/support/pages/node/7145724>
Versions Affected: v11.1 and V11.5

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file (CVE-2024-25030)
<https://www.ibm.com/support/pages/node/7145725>
Versions Affected: v11.1

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)
<https://www.ibm.com/support/pages/node/7145726>
Versions Affected: v11.1 and V11.5

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)
<https://www.ibm.com/support/pages/node/7145727>
Versions Affected: V10.5, v11.1 and V11.5

Security Bulletin: IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently (CVE-2023-52296)
<https://www.ibm.com/support/pages/node/7145722>
Versions Affected: v11.5

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)
<https://www.ibm.com/support/pages/node/7145730>
Versions Affected: v11.5

Workarounds and Mitigations

None

Affected configurations

Vulners node: vendor ibm, product intelligent_operations_center, matching any of versions 5.1.0, 5.1.0.1, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.5, 5.1.0.6, 5.1.0.7, 5.1.0.8, 5.1.0.9, 5.1.0.10, 5.1.0.11, 5.1.0.12, 5.1.0.13, 5.1.0.14, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4
