Metric | Value |
---|---|
CVSS3 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
AI Score | 7.2 High (Confidence: Low) |
EPSS | 0.001 Low (Percentile: 42.9%) |
IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in the security bulletins listed below.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Security Guardium Key Lifecycle Manager | 3.0, 3.0.1, 4.0, 4.1, 4.1.1, 4.2 |
IBM encourages customers to update their systems promptly.
IBM® Db2® is vulnerable to denial of service via a specially crafted query on certain databases. (CVE-2023-30987)
Principal Product and Version(s) | Db2 Version(s) | Remediation/Fixes |
---|---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | IBM Db2 11.1.2.2 | For CVE-2023-30987 details and fix information, please read the following IBM Db2 security bulletin: <https://www.ibm.com/support/pages/node/7047560> |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | IBM Db2 11.1.2.2 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.6 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 | |
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Apr 2023 CPU)
Principal Product and Version(s) | Db2 Version(s) | Remediation/Fixes |
---|---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | IBM Db2 11.1.2.2 | For the April 2023 CPU details and fix information, please read the following IBM Db2 security bulletin: <https://www.ibm.com/support/pages/node/7047556> |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | IBM Db2 11.1.2.2 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.6 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 | |
IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement (CVE-2023-38740)
Principal Product and Version(s) | Db2 Version(s) | Remediation/Fixes |
---|---|---|
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 | For CVE-2023-38740 details and fix information, please read the following IBM Db2 security bulletin: <https://www.ibm.com/support/pages/node/7047554> |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.6 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 | |
IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-30991)
Principal Product and Version(s) | Db2 Version(s) | Remediation/Fixes |
---|---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | IBM Db2 11.1.2.2 | For CVE-2023-30991 details and fix information, please read the following IBM Db2 security bulletin: <https://www.ibm.com/support/pages/node/7047499> |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | IBM Db2 11.1.2.2 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.6 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 | |
IBM® Db2® is vulnerable to denial of service with a specially crafted ALTER TABLE statement (CVE-2023-38720)
Principal Product and Version(s) | Db2 Version(s) | Remediation/Fixes |
---|---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | IBM Db2 11.1.2.2 | For CVE-2023-38720 details and fix information, please read the following IBM Db2 security bulletin: <https://www.ibm.com/support/pages/node/7047489> |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | IBM Db2 11.1.2.2 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.6 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 | |
IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)
Principal Product and Version(s) | Db2 Version(s) | Remediation/Fixes |
---|---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | IBM Db2 11.1.2.2 | For CVE-2023-33850 details and fix information, please read the following IBM Db2 security bulletin: <https://www.ibm.com/support/pages/node/7047481> |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | IBM Db2 11.1.2.2 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.6 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 | |
IBM® Db2® is vulnerable to denial of service with a specially crafted query statement. (CVE-2023-40374)
Principal Product and Version(s) | Db2 Version(s) | Remediation/Fixes |
---|---|---|
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 | For CVE-2023-40374 details and fix information, please read the following IBM Db2 security bulletin: <https://www.ibm.com/support/pages/node/7047261> |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.6 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 | |
IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement (CVE-2023-38728)
Principal Product and Version(s) | Db2 Version(s) | Remediation/Fixes |
---|---|---|
IBM Security Key Lifecycle Manager (SKLM) v3.0 | IBM Db2 11.1.2.2 | For CVE-2023-38728 details and fix information, please read the following IBM Db2 security bulletin: <https://www.ibm.com/support/pages/node/7047478> |
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | IBM Db2 11.1.2.2 | |
IBM Security Key Lifecycle Manager (SKLM) v4.0 | IBM Db2 11.1.4.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | IBM Db2 11.5.4 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | IBM Db2 11.5.6 | |
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | IBM Db2 11.5.8 | |
More information can be found here: https://www.ibm.com/support/pages/node/28146