CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low (Percentile: 52.2%)
IBM DB2 is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
Intelligent Operations Center (IOC) | All |
Download the correct version of the fix from the following links, according to your currently installed DB2 version. Installation instructions for the fix are included in the document in the fix package.
Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query (https://www.ibm.com/support/pages/node/7010557)
Security Bulletin: IBM® Db2® is vulnerable to insufficient audit logging. (CVE-2023-23487) (https://www.ibm.com/support/pages/node/7010567)
Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431) (https://www.ibm.com/support/pages/node/7010565)
Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868) (https://www.ibm.com/support/pages/node/7010029)
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442) (https://www.ibm.com/support/pages/node/7010561)
Security Bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256) (https://www.ibm.com/support/pages/node/7010573)
Security Bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558) (https://www.ibm.com/support/pages/node/7010571)
Security Bulletin: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012) (https://www.ibm.com/support/pages/node/7010747)
None
CPE | Name | Operator | Version |
---|---|---|---|
intelligent operations center (ioc) | eq | any |