Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1C64499C1BB76CDC675292F03E398B96F4717AA6BA9DD4E4BE94D944EF139C27
HistoryAug 06, 2018 - 9:39 a.m.

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affects IBM Security Key Lifecycle Manager.

2018-08-0609:39:37
www.ibm.com
8

EPSS

0.001

Percentile

27.4%

JSON

Summary

There are multiple vulnerabiltities in the IBM® Db2® that is shipped with IBM Security Key Lifecycle Manager. These issues were disclosed as part of the IBM® Db2® updates published. These may affect some configurations of IBM Security Key Lifecycle Manager.

Vulnerability Details

Please consult the security bulletin:

Security Bulletin: IBM® DB2® LUW’s Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297).

Security Bulletin: IBM® Db2® performs unsafe deserialization in DB2 JDBC driver (CVE-2017-1677).

Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105)

for vulnerability details and information about fixes.

Vulnerability Details

CVEID: CVE-2017-1297 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-1677 DESCRIPTION: IBM Data Server Driver for JDBC and SQLJ deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133999 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1105 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Affected Products and Versions

Principal Product and Version(s) Affected CVE-ID **Affected Supporting Product , Version **
IBM Security Key Lifecycle Manager (SKLM) v2.5 on distributed platforms CVE-2017-1297
CVE-2017-1677
CVE-2017-1105 IBM® Db2® Workgroup Server Edition, version 10.1
IBM Security Key Lifecycle Manager (SKLM) v2.6 on distributed platforms CVE-2017-1297
CVE-2017-1677
CVE-2017-1105 IBM® Db2® Workgroup Server Edition, Version 10.5.0.6
IBM Security Key Lifecycle Manager (SKLM) v2.7 on distributed platforms CVE-2017-1297
CVE-2017-1677
CVE-2017-1105 IBM® Db2® Advanced Workgroup Server Edition, Version 11.1
IBM Security Key Lifecycle Manager (SKLM) v3.0 on distributed platforms CVE-2017-1677
IBM® Db2® Advanced Workgroup Server Edition, Version 11.1.2.2

Related

nessus 6
ibm 9
exploitpack 1
cvelist 3
cve 3
openvas 2
nvd 3
prion 3
talos 1
exploitdb 1
zdt 1
nessus
nessus
IBM DB2 Connect 9.7 < FP11 Special Build 36621 / 10.1 < FP6 Special Build 36610 / 10.5 < FP8 Special Build 36605 / 11.1.2 < FP2 Multiple Vulnerabilities (Windows)
2017-06-30 00:00:00
IBM DB2 9.7 < FP11 Special Build 36621 / 10.1 < FP6 Special Build 36610 / 10.5 < FP8 Special Build 36605 / 11.1.2 < FP2 Multiple Vulnerabilities (UNIX)
2017-06-30 00:00:00
IBM DB2 9.7 < FP11 Special Build 36621 / 10.1 < FP6 Special Build 36610 / 10.5 < FP8 Special Build 36605 / 11.1.2 < FP2 Multiple Vulnerabilities (Windows)
2017-06-30 00:00:00
ibm
ibm
Security Bulletin: Multiple DB2 vulnerabilities affect IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1105, CVE-2017-1297)
2018-06-17 15:46:29
Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Predictive Maintenance and Quality (CVE-2016-9840, CVE-2016-9841, CVE-2017-1297, CVE-2017-1105)
2018-06-25 05:54:54
Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a 3RD PARTY Unsafe deserialization
2019-12-20 08:47:33
exploitpack
exploitpack
IBM DB2 9.710.110.511.1 - Command Line Processor Buffer Overflow
2017-06-26 00:00:00
cvelist
cvelist
CVE-2017-1677
2018-03-22 12:00:00
CVE-2017-1297
2017-06-27 16:00:00
CVE-2017-1105
2017-06-27 16:00:00
cve
cve
CVE-2017-1677
2018-03-22 12:29:00
CVE-2017-1105
2017-06-27 16:29:00
CVE-2017-1297
2017-06-27 16:29:00
openvas
openvas
IBM Db2 'Exceptional Conditions' Buffer Overflow Vulnerability - Linux
2017-06-29 00:00:00
IBM Db2 Command Line Processor Buffer Overflow Vulnerability (Jun 2017)
2017-06-29 00:00:00
nvd
nvd
CVE-2017-1105
2017-06-27 16:29:00
CVE-2017-1297
2017-06-27 16:29:00
CVE-2017-1677
2018-03-22 12:29:00
prion
prion
Design/Logic Flaw
2018-03-22 12:29:00
Buffer overflow
2017-06-27 16:29:00
Stack overflow
2017-06-27 16:29:00
talos
talos
IBM DB2 Shared Memory Insecure Permissions Vulnerability
2018-04-06 00:00:00
exploitdb
exploitdb
IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow
2017-06-26 00:00:00
zdt
zdt
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow Exploit
2017-06-27 00:00:00

EPSS

0.001

Percentile

27.4%

JSON
Related for 1C64499C1BB76CDC675292F03E398B96F4717AA6BA9DD4E4BE94D944EF139C27
nessus6ibm9exploitpack1cvelist3cve3openvas2nvd3prion3talos1exploitdb1zdt1