CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score: 7.8 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 31.9%)
IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Security Guardium Key Lifecycle Manager | 3.0, 3.0.1, 4.0, 4.1, 4.1.1, 4.2 |
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | IBM Db2 11.1.2.2 |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | IBM Db2 11.1.2.2 |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4 |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.8 |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 |
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
IBM® Db2® is vulnerable to denial of service under extreme stress conditions. (CVE-2023-40692)
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
specially crafted query. (CVE-2023-47701)
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
specially crafted query. (CVE-2023-47701)
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167)
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v4.1 | Windows |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
Principal Product and Version(s) | Remediation/ Fixes |
---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | |
IBM Security Key Lifecycle Manager (SKLM) v4.1 | AIX |
Linux | |
Windows | |
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | |
IBM Security Key Lifecycle Manager (SKLM) v4.2 |
Please consult the following security bulletins from IBM Db2 for more detail:
IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
Recommendation:
As all these security issues have been fixed in IBM Db2 11.5.9:
i) For SKLM v3.0 and 3.0.1, it is recommended to upgrade to GKLM v4.2 (which comes with Db2 11.5.8) and then upgrade Db2 to version 11.5.9.
ii) For SKLM v4.0, SKLM v4.1, GKLM v4.1.1 and GKLM v4.2, it is recommended to upgrade GKLM to version GKLM v4.2.1 (which comes with Db2 11.5.9).
For more information, check out the Support Matrix.
None