8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.2%
IBM Security Verify Governance - Identity Manager supports IBM DB2 database. See this security bulletin for information about multiple vulnerabilities affecting IBM DB2.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|
IBM Security Verify Governance, Identity Manager
(software component)
|
IBM Security Verify Governance, Identity Manager
(virtual appliance component)
|
IBM encourages customers to quickly apply all the fixes to update their systems.
Principal Product and Version(s) | Affected Supporting Product and Version(s) | Affected Supporting Product Security Bulletin |
---|
ISVG 10.0.0.X -
Identity Manager (All fix packs)
ISVG 10.0.1.X - Identity Manager (All fix packs)
|
DB2 versions
Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query
(<https://www.ibm.com/support/pages/node/7010557>)
Security Bulletin: IBM® Db2® is vulnerable to insufficient audit logging. (CVE-2023-23487)
(<https://www.ibm.com/support/pages/node/7010567>)
Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431)
(<https://www.ibm.com/support/pages/node/7010565>)
Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868)
(<https://www.ibm.com/support/pages/node/7010029>)
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442)
(<https://www.ibm.com/support/pages/node/7010561>)
Security Bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256)
(<https://www.ibm.com/support/pages/node/7010573>)
Security Bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558)
(<https://www.ibm.com/support/pages/node/7010571>)
Security Bulletin: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012)
(<https://www.ibm.com/support/pages/node/7010747>)
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security identity manager | eq | 10.0.0.3 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.2%