5 matches found
Security Bulletin: IBM® Db2® does not explicitly forbid a weaker than expected 3DES cipher when configured to use SSL (CVE-2019-4102).
Summary TLS 1.2 allows the use of 3DES, which has some known weaknesses, among other supported ciphers. Db2 does not forbid the use of 3DES when configured to use TLS 1.2 protocol. Although Db2 does not choose the cipher out of all available ciphers, the weaker ciphers should be explicitly...
Security Bulletin: IBM Security Key Lifecycle Manager uses Components with Known Vulnerabilities (CVE-2019-4322 CVE-2019-4386 CVE-2019-4154 CVE-2019-4102 CVE-2019-4101 CVE-2019-4057)
Summary IBM Security Key Lifecycle Manager uses IBM DB2 for Linux, UNIX and Windows which has some known vulnerabilities. Vulnerability Details CVEID: CVE-2019-4386 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 could allow an authenticated user to execute a...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with Predictive Maintenance and Quality
Summary IBM DB2 is shipped with Predictive Maintenance and Quality. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin. CVE-2019-4322 CVE-2019-4386 CVE-2019-4154 CVE-2019-4102 CVE-2019-4101 CVE-2019-4057 Vulnerability Details Refer to the securi...
CVE-2019-4102
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092...
CVE-2019-4102
CVE-2019-4102 affects IBM DB2 for Linux/UNIX/Windows (including DB2 Connect Server) across multiple releases (9.7, 10.1, 10.5, 11.0/11.1). Root cause: use of weaker-than-expected cryptographic algorithms, enabling an attacker to decrypt highly sensitive information. Impact: potential confidential...