Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.DB2_7145722_7145730_WIN.NASLHistoryJun 07, 2024 - 12:00 a.m.
IBM DB2 Multiple Vulnerabilities (7145722, 7145730) (Windows)
2024-06-0700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
ibm db2
windows
denial of service
vulnerabilities
cve-2023-52296
cve-2024-22360
fix pack
special build
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5.1
Confidence
High
EPSS
0
Percentile
15.5%
According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilites:
-
IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently. (CVE-2023-52296)
-
IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table.
(CVE-2024-22360)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(200217);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/10");
script_cve_id("CVE-2023-52296", "CVE-2024-22360");
script_xref(name:"IAVA", value:"2024-B-0069");
script_name(english:"IBM DB2 Multiple Vulnerabilities (7145722, 7145730) (Windows)");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilites:
- IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently.
(CVE-2023-52296)
- IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table.
(CVE-2024-22360)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7145722");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7145730");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate IBM DB2 Fix Pack or Special Build based on the most recent fix pack level for your branch.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-52296");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-22360");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/02");
script_set_attribute(attribute:"patch_publication_date", value:"2024/04/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("db2_and_db2_connect_installed.nbin");
script_require_keys("SMB/db2/Installed");
exit(0);
}
include('vcf_extras_db2.inc');
get_kb_item_or_exit('SMB/db2/Installed');
var app_info = vcf::ibm_db2::get_app_info();
var constraints = [
{'equal':'11.5.8000.317', 'fixed_build':'40526', 'fixed_display':'11.5.8000.317 Special Build 40526'},
{'equal':'11.5.9000.352', 'fixed_build':'40226', 'fixed_display':'11.5.9000.352 Special Build 40226'},
{'min_version':'11.5.8000', 'fixed_version':'11.5.8000.317', 'fixed_display':'11.5.8000.317 Special Build 40526'},
{'min_version':'11.5.9000', 'fixed_version':'11.5.9000.352', 'fixed_display':'11.5.9000.352 Special Build 40226'}
];
vcf::ibm_db2::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Related
nessus
nessus
IBM DB2 Multiple Vulnerabilities (7145722, 7145730) (Unix)
2024-06-07 00:00:00
cvelist
cvelist
CVE-2023-52296 IBM Db2 for Linux, UNIX and Windows denial of service
2024-04-03 12:30:40
CVE-2024-22360 IBM Db2 for Linux, UNIX and Windows denial of service
2024-04-03 12:32:21
vulnrichment
vulnrichment
CVE-2023-52296 IBM Db2 for Linux, UNIX and Windows denial of service
2024-04-03 12:30:40
CVE-2024-22360 IBM Db2 for Linux, UNIX and Windows denial of service
2024-04-03 12:32:21
ibm
ibm
Security Bulletin: IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently (CVE-2023-52296)
2024-04-02 16:20:12
cve
cve
CVE-2023-52296
2024-04-03 13:16:00
CVE-2024-22360
2024-04-03 13:16:01
nvd
nvd
CVE-2023-52296
2024-04-03 13:16:00
CVE-2024-22360
2024-04-03 13:16:01
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5.1
Confidence
High
EPSS
0
Percentile
15.5%
Related for DB2_7145722_7145730_WIN.NASL