Aug 30, 2022 - 3:55 p.m.

Security Bulletin: IBM TRIRIGA Application Platform may be affected by known vulnerabilities in db2jcc4.jar (CVE-2007-2582)

2022-08-30 15:55:52
www.ibm.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.241 Low
Percentile: 96.6%

Summary

IBM TRIRIGA Application may be vulnerable to multiple buffer overflows in DB2.

Vulnerability Details

**CVEID:** CVE-2007-2582
**DESCRIPTION:** Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (3) a long packet that generates a "MemTree overflow."
CVSS Base score: 7
CVSS Vector:

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM TRIRIGA Application | All

Remediation/Fixes

Product | VRMF | Remediation/First Fix
---|---|---
IBM TRIRIGA Application Platform | 3.6.1.3 | The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform | 3.7.0.1 | The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform | 3.8.0.1 | The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform | 4.0.2 | The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform | 4.1.1 | The fix is available for download on FixCentral.

Workarounds and Mitigations

None
