Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME32D9B77A7094D9331C8FB4A1F04F0D9870657A54C026B8F150B03F79231428C
HistoryApr 02, 2024 - 8:54 p.m.

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a denial of service due to DB2 JDBC driver (CVE-2023-45178)

2024-04-0220:54:22
www.ibm.com
10
ibm tivoli netcool impact
denial of service
db2 jdbc driver
vulnerability
cve-2023-45178
ibm db2
linux
unix
windows
cli
security bulletin

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

Summary

DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2023-45178
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268073 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool Impact 7.1.0.0 - 7.1.0.32

Remediation/Fixes

Product VRMF APAR Remediation
IBM Tivoli Netcool Impact 7.1.0.33 IJ50199 Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP33

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_netcool\/impactMatch7.1.0
CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

Related

cvelist 1
cve 1
prion 1
nvd 1
ibm 8
cvelist
cvelist
CVE-2023-45178 IBM Db2 denial of service
2023-12-03 17:29:29
cve
cve
CVE-2023-45178
2023-12-03 18:15:42
prion
prion
Design/Logic Flaw
2023-12-03 18:15:00
nvd
nvd
CVE-2023-45178
2023-12-03 18:15:42
ibm
ibm
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)
2024-06-11 17:29:26
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to SQL injection due to Postgresql JDBC driver (CVE-2023-45178)
2024-04-09 19:09:11
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
2023-12-14 07:30:12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON
Related for E32D9B77A7094D9331C8FB4A1F04F0D9870657A54C026B8F150B03F79231428C
cvelist1cve1prion1nvd1ibm8