History: Jun 12, 2023 - 12:59 p.m.

Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights

2023-06-12 12:59:27
www.ibm.com
Tags: ibm db2, operations analytics, predictive insights, vulnerabilities, cves, remediation, fixes, denial of service

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.003
Percentile: 71.5%

Summary

There are multiple vulnerabilities in IBM® DB2, which is a core component used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs (CVE-2023-29257, CVE-2023-26021, CVE-2023-26022, CVE-2023-27559, CVE-2023-25930, CVE-2023-29255, CVE-2023-27555).

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Operations Analytics Predictive Insights | 1.3.5
IBM Operations Analytics Predictive Insights | 1.3.6

Remediation/Fixes

Please consult and apply the recommended fixes in the security bulletin: Security Bulletin: IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. (CVE-2023-29257)

Please consult and apply the recommended fixes in the security bulletin: Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021)

Please consult and apply the recommended fixes in the security bulletin: Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. (CVE-2023-26022)

Please consult and apply the recommended fixes in the security bulletin: Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. (CVE-2023-27559)

Please consult and apply the recommended fixes in the security bulletin: Security Bulletin: IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. (CVE-2023-25930)

Please consult and apply the recommended fixes in the security bulletin: <https://www.ibm.com/support/pages/security-bulletin-ibm®-db2®-vulnerable-denial-service-it-may-trap-when-compiling-variation-anonymous-block-cve-2023-29255>

Please consult and apply the recommended fixes in the security bulletin: Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. (CVE-2023-27555)

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm operations_analytics_predictive_insights Match 1.3.5 OR ibm operations_analytics_predictive_insights Match 1.3.6

Vendor | Product | Version | CPE
ibm | operations_analytics_predictive_insights | 1.3.5 | cpe:2.3:a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*
ibm | operations_analytics_predictive_insights | 1.3.6 | cpe:2.3:a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
