CVSS2: 9 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.6 High (Confidence: High)
EPSS: 0.473 Medium (Percentile: 97.5%)

IBM DB2 is shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin (CVE-2015-8383, CVE-2015-8381, CVE-2015-8386, CVE-2015-8388, CVE-2015-8385, CVE-2015-8387, CVE-2015-8391, CVE-2015-8390, CVE-2015-8393, CVE-2015-8395, CVE-2015-8394, CVE-2015-2328, CVE-2015-2327, CVE-2020-14155, CVE-2015-8392, CVE-2023-29258, CVE-2023-45178, CVE-2023-46167, CVE-2023-47701, CVE-2023-43020, CVE-2018-25032, CVE-2002-0059, CVE-2022-37434, CVE-2023-40692, CVE-2023-40687, CVE-2023-38727, CVE-2023-38003, CVE-2023-1370, CVE-2022-3171, CVE-2022-3509, CVE-2023-43642, CVE-2023-34462, CVE-2023-32731, CVE-2022-3510).
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
Intelligent Operations Center (IOC) | 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4 |
Multiple vulnerabilities, with different CVEs, have been raised against different versions of IBM DB2 for Linux, UNIX and Windows.
Download the correct version of the fix pack from the following links, according to your currently installed DB2 version. Installation instructions for the fix are included in the document that is in the fix package.
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)
<https://www.ibm.com/support/pages/node/7078681>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)
<https://www.ibm.com/support/pages/node/7087143>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687)
<https://www.ibm.com/support/pages/node/7087149>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to denial of service under extreme stress conditions. (CVE-2023-40692)
<https://www.ibm.com/support/pages/node/7087157>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.
<https://www.ibm.com/support/pages/node/7087162>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)
<https://www.ibm.com/support/pages/node/7087180>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
<https://www.ibm.com/support/pages/node/7087234>
Versions Affected: 11.1, 11.5
Security Bulletin: IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. (CVE-2023-47701)
<https://www.ibm.com/support/pages/node/7087197>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167)
<https://www.ibm.com/support/pages/node/7087203>
Versions Affected: 11.5
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)
<https://www.ibm.com/support/pages/node/7087207>
Versions Affected: 11.5
Security Bulletin: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)
<https://www.ibm.com/support/pages/node/7087218>
Versions Affected: 11.1, 11.5
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
<https://www.ibm.com/support/pages/node/7087225>
Versions Affected: 10.5, 11.1, 11.5
None