Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDD7BCB0290E21D3700F0976E11F0A7F51A5CA5A32EAA613E19072382D65E28D9
HistoryJan 19, 2022 - 9:32 p.m.

Security Bulletin: IBM Db2® Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2®

2022-01-1921:32:21
www.ibm.com
23
ibm db2 warehouse
information disclosure
user access modification
weak cryptographic algorithms
ibm x-force.

EPSS

0.001

Percentile

46.4%

JSON

Summary

IBM has released the following fix for IBM Db2® Warehouse in response to multiple vulnerabilities found in IBM Db2®.

Vulnerability Details

CVEID:CVE-2021-38931
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210418 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-29678
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.
CVSS Base score: 8.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199914 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID:CVE-2021-20373
**DESCRIPTION:**IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195521 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-39002
**DESCRIPTION:**IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213217 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-38926
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210321 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Db2 Warehouse All

Remediation/Fixes

Update your implementation to IBM Db2 Warehouse v11.5.7.0 or later. For information about how to update, see the following topics:

<https://www.ibm.com/docs/en/db2-warehouse?topic=warehouse-updating-db2&gt;

Workarounds and Mitigations

None

Related

ibm 22
nessus 8
prion 5
cve 5
cvelist 5
nvd 5
cnvd 5
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights
2022-03-16 12:11:34
Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Maximo Asset Management
2022-01-12 22:47:20
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with WebSphere Remote Server
2021-12-14 20:39:59
nessus
nessus
IBM DB2 9.7 < 9.7 FP11 40985 / 10.1 < 10.1 FP6 40986 / 10.5 < 10.5 FP11 40988 / 11.1 < 11.1.4 FP6 41025 / 11.5 < 11.5.7 Information Disclosure (Windows)
2022-02-08 00:00:00
IBM DB2 9.7 < 9.7.0 FP11 40985 / 10.1 < 10.1.0 FP6 40986 / 10.5 < 10.5.0 FP11 40988 / 11.1 < 11.1.4 FP6 40997 / 11.5 < 11.5.7 Information Disclosure (Unix)
2022-02-08 00:00:00
IBM DB2 11.1 < 11.1.4 FP 6 41025 / 11.5 < 11.5.7 Information Disclosure (Windows)
2022-01-28 00:00:00
prion
prion
Code injection
2021-12-09 17:15:00
Design/Logic Flaw
2021-12-09 17:15:00
Information disclosure
2021-12-09 17:15:00
cve
cve
CVE-2021-38926
2021-12-09 17:15:07
CVE-2021-29678
2021-12-09 17:15:07
CVE-2021-38931
2021-12-09 17:15:07
cvelist
cvelist
CVE-2021-38926
2021-12-09 17:00:27
CVE-2021-29678
2021-12-09 17:00:26
CVE-2021-38931
2021-12-09 17:00:29
nvd
nvd
CVE-2021-39002
2021-12-09 17:15:07
CVE-2021-38926
2021-12-09 17:15:07
CVE-2021-38931
2021-12-09 17:15:07
cnvd
cnvd
IBM Db2 Information Disclosure Vulnerability (CNVD-2022-08971)
2021-12-13 00:00:00
IBM Db2 Access Control Error Vulnerability
2021-12-12 00:00:00
IBM Db2 Elevation of Privilege Vulnerability (CNVD-2021-99672)
2021-12-12 00:00:00

EPSS

0.001

Percentile

46.4%

JSON
Related for DD7BCB0290E21D3700F0976E11F0A7F51A5CA5A32EAA613E19072382D65E28D9
ibm22nessus8prion5cve5cvelist5nvd5cnvd5