Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFFE89D8502810C976F7BAFE0A825C06746BC388F9DA7CF5B6128FC9E63BDD49D
HistoryJun 18, 2024 - 8:03 p.m.

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

2024-06-1820:03:13
www.ibm.com
2
ibm
db2
vulnerabilities
websphere
remote server
security
bulletin
cve-2023-45853
cve-2023-29267
cve-2024-25710
cve-2024-26308
cve-2023-45178
cve-2024-28762
cve-2024-28757
cve-2024-29025
cve-2024-29131
cve-2024-29133
cve-2024-31880
cve-2024-31881
version 8.5
version 9.0
version 9.1
fix
denial of service
open source
zlib library
trap
commons-compress library
specially crafted request
cli
query
nse
crash
statement
workarounds
mitigations

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON

Summary

IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025, CVE-2024-29131, CVE-2024-29133, CVE-2024-31880, CVE-2024-31881

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM WebSphere Remote Server 9.1, 9.0, 8.5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now. Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM Db2 which is shipped with IBM WebSphere Remote Server.

Principal Product and Version(s)

|

Affected Supporting Product and Version

|

Affected Supporting Product Security Bulletin

—|—|—

IBM WebSphere Remote Server
8.5, 9.0, 9.1

|

IBM Db2

10.5, 11.1, 11.5

|

IBM® Db2® is affected by a vulnerability in the open source zlib library. (CVE-2023-45853)

IBM WebSphere Remote Server
9.0, 9.1

|

IBM Db2

11.1, 11.5

|

IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. (CVE-2023-29267)

IBM WebSphere Remote Server
9.1

|

IBM Db2

11.5

|

IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library. (CVE-2024-25710, CVE-2024-26308)

IBM WebSphere Remote Server
9.1

|

IBM Db2

11.5

|

IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)

IBM WebSphere Remote Server
8.5, 9.0, 9.1

|

IBM Db2

10.5, 11.1, 11.5

|

IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. (CVE-2024-28762)

IBM WebSphere Remote Server
8.5, 9.0

|

IBM Db2

10.5, 11.1

|

IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)

IBM WebSphere Remote Server
9.1

|

IBM Db2

11.5

|

IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library. (CVE-2024-29025)

IBM WebSphere Remote Server
9.0, 9.1

|

IBM Db2

11.1, 11.5

|

IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library. (CVE-2024-29131, CVE-2024-29133)

IBM WebSphere Remote Server
8.5, 9.0, 9.1

|

IBM Db2

10.5, 11.1, 11.5

|

IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)

IBM WebSphere Remote Server
8.5, 9.0, 9.1

|

IBM Db2

10.5, 11.1, 11.5

|

IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables. (CVE-2024-31881)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphere_application_serverMatch9.1
OR
ibmwebsphere_application_serverMatch9.0
OR
ibmwebsphere_application_serverMatch8.5

Related

ibm 44
openvas 24
nessus 25
fedora 5
redhat 6
nvd 9
cvelist 10
cve 10
ubuntucve 4
osv 11
cgr 4
veracode 5
slackware 1
atlassian 2
cnvd 2
githubexploit 3
redhatcve 7
vulnrichment 1
prion 3
debiancve 6
github 5
wolfi 5
cbl_mariner 2
f5 1
redos 1
alpinelinux 1
aix 1
cloudlinux 1
ibm
ibm
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
2024-06-25 10:51:12
Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment
2024-05-02 02:53:11
Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)
2024-06-25 09:10:37
openvas
openvas
Fedora: Security Advisory for apache-commons-configuration (FEDORA-2024-fa7b758114)
2024-04-03 00:00:00
Apache Commons Configuration 2.0.x < 2.10.1 Multiple Vulnerabilities
2024-03-21 00:00:00
Fedora: Security Advisory for apache-commons-configuration (FEDORA-2024-c673517dce)
2024-04-03 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration2 (SUSE-SU-2024:1365-1)
2024-04-23 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration (SUSE-SU-2024:1377-1)
2024-04-23 00:00:00
Fedora 39 : apache-commons-configuration (2024-fa7b758114)
2024-03-30 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: apache-commons-configuration-2.10.1-1.fc39
2024-03-30 01:10:55
[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40
2024-03-29 04:11:00
[SECURITY] Fedora 40 Update: mingw-expat-2.6.1-1.fc40
2024-03-23 00:50:46
redhat
redhat
(RHSA-2024:1509) Moderate: Red Hat Data Grid 8.4.7 security update
2024-03-26 11:13:37
(RHSA-2024:2833) Moderate: Service Registry (container images) release and security update [2.5.11 GA]
2024-05-14 09:05:37
(RHSA-2024:1797) Important: Red Hat build of Quarkus 2.13.9.SP2 release and security update
2024-04-22 10:57:23
nvd
nvd
CVE-2024-28762
2024-06-12 18:15:11
CVE-2024-31881
2024-06-12 19:15:50
CVE-2023-29267
2024-06-12 19:15:50
cvelist
cvelist
CVE-2024-28762 IBM Db2 denial of service
2024-06-12 17:54:33
CVE-2024-31881 IBM Db2 denial of service
2024-06-12 18:21:45
CVE-2023-29267 IBM Db2 denial of service
2024-06-12 18:24:20
cve
cve
CVE-2024-31881
2024-06-12 19:15:50
CVE-2023-29267
2024-06-12 19:15:50
CVE-2024-28762
2024-06-12 18:15:11
ubuntucve
ubuntucve
CVE-2024-29025
2024-03-25 00:00:00
CVE-2024-28757
2024-03-10 00:00:00
CVE-2024-26308
2024-02-19 00:00:00
osv
osv
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:31:14
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
2024-03-21 09:31:14
CVE-2024-29025
2024-03-25 20:15:08
cgr
cgr
CVE-2024-26308 vulnerabilities
2024-05-19 03:07:16
CVE-2024-29131 vulnerabilities
2024-05-19 03:07:16
CVE-2024-29133 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Denial Of Service (DoS)
2024-02-20 06:39:51
Denial Of Service (DoS)
2024-03-28 03:09:13
Out-of-Bounds Write
2024-03-22 06:49:33
slackware
slackware
[slackware-security] expat
2024-03-13 19:51:59
atlassian
atlassian
DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server
2024-06-12 21:12:33
DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server
2024-06-12 21:13:20
cnvd
cnvd
Apache Commons Configuration Out-of-Bounds Write Vulnerability
2024-03-26 00:00:00
Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)
2024-03-26 00:00:00
githubexploit
githubexploit
Exploit for CVE-2024-28757
2024-05-03 04:58:24
Exploit for CVE-2024-28757
2024-05-03 09:21:27
Exploit for CVE-2024-28757
2024-05-03 09:24:51
redhatcve
redhatcve
CVE-2024-29133
2024-03-21 12:16:00
CVE-2024-29131
2024-03-21 12:16:07
CVE-2024-29025
2024-04-03 12:18:09
vulnrichment
vulnrichment
CVE-2024-31881 IBM Db2 denial of service
2024-06-12 18:21:45
prion
prion
Design/Logic Flaw
2023-12-03 18:15:00
Code injection
2024-02-19 09:15:00
Design/Logic Flaw
2024-02-19 09:15:00
debiancve
debiancve
CVE-2024-29025
2024-03-25 20:15:08
CVE-2024-29131
2024-03-21 09:15:07
CVE-2024-28757
2024-03-10 05:15:06
github
github
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:31:14
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
2024-03-21 09:31:14
Netty's HttpPostRequestDecoder can OOM
2024-03-25 19:40:50
wolfi
wolfi
CVE-2024-29025 vulnerabilities
2024-06-26 21:08:32
CVE-2024-29131 vulnerabilities
2024-06-26 21:08:32
CVE-2024-29133 vulnerabilities
2024-06-26 21:08:32
cbl_mariner
cbl_mariner
CVE-2024-28757 affecting package expat for versions less than 2.6.2-1
2024-06-21 09:32:44
CVE-2024-28757 affecting package expat for versions less than 2.6.2-2
2024-04-09 20:48:36
f5
f5
K000139637: Expat vulnerability CVE-2024-28757
2024-05-16 00:00:00
redos
redos
ROS-20240506-01
2024-05-06 00:00:00
alpinelinux
alpinelinux
CVE-2024-28757
2024-03-10 05:15:06
aix
aix
AIX is affected by information disclosure due to Python (CVE-2024-28757)
2024-06-13 15:37:38
cloudlinux
cloudlinux
zlib: Fix of CVE-2023-45853
2023-10-24 20:53:31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON
Related for FFE89D8502810C976F7BAFE0A825C06746BC388F9DA7CF5B6128FC9E63BDD49D
ibm44openvas24nessus25fedora5redhat6nvd9cvelist10cve10ubuntucve4osv11cgr4veracode5slackware1atlassian2cnvd2githubexploit3redhatcve7vulnrichment1prion3debiancve6github5wolfi5cbl_mariner2f51redos1alpinelinux1aix1cloudlinux1