Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-40374 (GCVE-0-2023-40374)
Vulnerability from cvelistv5 – Published: 2023-10-16 22:47 – Updated: 2025-02-13 17:07
VLAI
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.
Severity
5.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7047261 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://security.netapp.com/advisory/ntap-2023111… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows |
Affected:
11.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7047261"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Db2 for Linux, UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575."
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T15:07:01.160Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7047261"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-40374",
"datePublished": "2023-10-16T22:47:19.415Z",
"dateReserved": "2023-08-14T20:12:05.636Z",
"dateUpdated": "2025-02-13T17:07:46.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-40374",
"date": "2026-06-02",
"epss": "0.00047",
"percentile": "0.14946"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5\", \"versionEndIncluding\": \"11.5.8\", \"matchCriteriaId\": \"8966D805-3817-488E-B692-D15838AD3469\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A90CB3A-9BE7-475C-9E75-6ECAD2106302\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.\"}, {\"lang\": \"es\", \"value\": \"IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a la Denegaci\\u00f3n de Servicio con una declaraci\\u00f3n de consulta especialmente manipulada. ID de IBM X-Force: 263575.\"}]",
"id": "CVE-2023-40374",
"lastModified": "2024-11-21T08:19:19.480",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-10-16T23:15:10.243",
"references": "[{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/263575\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231116-0007/\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7047261\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/263575\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231116-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7047261\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-40374\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2023-10-16T23:15:10.243\",\"lastModified\":\"2024-11-21T08:19:19.480\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.\"},{\"lang\":\"es\",\"value\":\"IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a la Denegaci\u00f3n de Servicio con una declaraci\u00f3n de consulta especialmente manipulada. ID de IBM X-Force: 263575.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5\",\"versionEndIncluding\":\"11.5.8\",\"matchCriteriaId\":\"8966D805-3817-488E-B692-D15838AD3469\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A90CB3A-9BE7-475C-9E75-6ECAD2106302\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/263575\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231116-0007/\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7047261\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/263575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231116-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7047261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
GHSA-CW9H-CRJM-C99P
Vulnerability from github – Published: 2023-10-17 00:30 – Updated: 2023-11-16 18:30
VLAI
Details
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.
Severity
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-40374"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-16T23:15:10Z",
"severity": "HIGH"
},
"details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.",
"id": "GHSA-cw9h-crjm-c99p",
"modified": "2023-11-16T18:30:24Z",
"published": "2023-10-17T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40374"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231116-0007"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7047261"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-40374
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-40374",
"id": "GSD-2023-40374"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-40374"
],
"details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.",
"id": "GSD-2023-40374",
"modified": "2023-12-13T01:20:43.493920Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2023-40374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Db2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575."
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-20",
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/7047261",
"refsource": "MISC",
"url": "https://www.ibm.com/support/pages/node/7047261"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575"
},
{
"name": "https://security.netapp.com/advisory/ntap-20231116-0007/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20231116-0007/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469",
"versionEndIncluding": "11.5.8",
"versionStartIncluding": "11.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575."
},
{
"lang": "es",
"value": "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a la Denegaci\u00f3n de Servicio con una declaraci\u00f3n de consulta especialmente manipulada. ID de IBM X-Force: 263575."
}
],
"id": "CVE-2023-40374",
"lastModified": "2023-12-22T21:09:55.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2023-10-16T23:15:10.243",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0007/"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7047261"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
}
}
}
WID-SEC-W-2023-2592
Vulnerability from csaf_certbund - Published: 2023-10-08 22:00 - Updated: 2024-02-27 23:00Summary
IBM DB2: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder beliebigen Code auszuführen.
Betroffene Betriebssysteme: - Linux
- Windows
- Sonstiges
Es besteht eine Schwachstelle in IBM DB2. Ein entfernter Angreifer kann diese Schwachstelle mit einer speziell gestalteten Abfrage auf bestimmten Datenbanken ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Ein entfernter Angreifer kann diese Schwachstelle mit einer speziell gestalteten Abfrage ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
IBM DB2 < 10.5 FP11
IBM / DB2
|
cpe:/a:ibm:db2:10.5_fp11
|
< 10.5 FP11 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Dieser Fehler besteht in den GSKit-Crypto-Komponenten aufgrund eines zeitbasierten Seitenkanals in der RSA-Entschlüsselungsimplementierung. Durch das Senden einer übermäßig großen Anzahl von Testmeldungen für die Entschlüsselung kann ein entfernter Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Während der Deaktivierung der Datenbank auf DPF kann ein lokaler Angreifer mit besonderen Rechten diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
IBM DB2 < 10.5 FP11
IBM / DB2
|
cpe:/a:ibm:db2:10.5_fp11
|
< 10.5 FP11 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 < 11.1.4 FP7
IBM / DB2
|
cpe:/a:ibm:db2:11.1.4_fp7
|
< 11.1.4 FP7 | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle mit einer speziell gestalteten ALTER TABLE-Anweisung ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
IBM DB2 < 10.5 FP11
IBM / DB2
|
cpe:/a:ibm:db2:10.5_fp11
|
< 10.5 FP11 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann mit einer speziell gestalteten XML-Abfrageanweisung diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle mit einer speziell gestalteten SQL-Anweisung ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
IBM DB2 < 10.5 FP11
IBM / DB2
|
cpe:/a:ibm:db2:10.5_fp11
|
< 10.5 FP11 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 < 11.1.4 FP7
IBM / DB2
|
cpe:/a:ibm:db2:11.1.4_fp7
|
< 11.1.4 FP7 | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Dieser Fehler besteht in der libqb-Komponente, die eine unsachgemäße Überprüfung der Grenzen durch die qb_vsnprintf_serialize-Funktion in log_blackbox.c durchführt. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter Angreifer diese Schwachstelle ausnutzen, um einen Pufferüberlauf zu erzeugen und beliebigen Code auszuführen.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
IBM DB2 < 10.5 FP11
IBM / DB2
|
cpe:/a:ibm:db2:10.5_fp11
|
< 10.5 FP11 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 < 11.1.4 FP7
IBM / DB2
|
cpe:/a:ibm:db2:11.1.4_fp7
|
< 11.1.4 FP7 | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle mit einer speziell gestalteten SQL-Anweisung unter Verwendung von External Tables ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
IBM DB2 < 10.5 FP11
IBM / DB2
|
cpe:/a:ibm:db2:10.5_fp11
|
< 10.5 FP11 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 < 11.1.4 FP7
IBM / DB2
|
cpe:/a:ibm:db2:11.1.4_fp7
|
< 11.1.4 FP7 | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle mit einer speziell gestalteten Abfrage, die allgemeine Tabellenausdrücke enthält, ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
Es besteht eine Schwachstelle in IBM DB2. Ein entfernter Angreifer kann diese Schwachstelle mit einer speziell gestalteten Abfrageanweisung ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
IBM License Metric Tool < 9.2.33
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2.33
|
< 9.2.33 | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
IBM License Metric Tool
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:-
|
— | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
IBM DB2 < 10.5 FP11
IBM / DB2
|
cpe:/a:ibm:db2:10.5_fp11
|
< 10.5 FP11 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 < 11.1.4 FP7
IBM / DB2
|
cpe:/a:ibm:db2:11.1.4_fp7
|
< 11.1.4 FP7 | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 |
References
19 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2592 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2592.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2592 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2592"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047261"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047478"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047481"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047489"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047499"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047554"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047558"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047560"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047561"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047563"
},
{
"category": "external",
"summary": "IBM Security Advisories vom 2023-10-08",
"url": "https://www.ibm.com/support/pages/node/7047565"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5597 vom 2023-10-11",
"url": "https://access.redhat.com/errata/RHSA-2023:5597"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7052776 vom 2023-10-16",
"url": "https://www.ibm.com/support/pages/node/7052776"
},
{
"category": "external",
"summary": "IBM Security Bulletin 1126755 vom 2023-10-16",
"url": "https://www.ibm.com/support/pages/node/1126755"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6578 vom 2023-11-07",
"url": "https://access.redhat.com/errata/RHSA-2023:6578"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7080122 vom 2023-11-21",
"url": "https://www.ibm.com/support/pages/node/7080122"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7124105 vom 2024-02-27",
"url": "https://www.ibm.com/support/pages/node/7124105"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-27T23:00:00.000+00:00",
"generator": {
"date": "2024-02-28T10:37:41.049+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2592",
"initial_release_date": "2023-10-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-07T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-20T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-02-27T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 11.5.8",
"product": {
"name": "IBM DB2 \u003c 11.5.8",
"product_id": "T030313",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.5.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 10.5 FP11",
"product": {
"name": "IBM DB2 \u003c 10.5 FP11",
"product_id": "T030314",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:10.5_fp11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 11.1.4 FP7",
"product": {
"name": "IBM DB2 \u003c 11.1.4 FP7",
"product_id": "T030315",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.1.4_fp7"
}
}
},
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM DB2 11.5",
"product_id": "T033138",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.5"
}
}
},
{
"category": "product_version",
"name": "11.1",
"product": {
"name": "IBM DB2 11.1",
"product_id": "T033139",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.1"
}
}
},
{
"category": "product_version",
"name": "10.5",
"product": {
"name": "IBM DB2 10.5",
"product_id": "T033140",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:10.5"
}
}
}
],
"category": "product_name",
"name": "DB2"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM License Metric Tool",
"product": {
"name": "IBM License Metric Tool",
"product_id": "T016581",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c 9.2.33",
"product": {
"name": "IBM License Metric Tool \u003c 9.2.33",
"product_id": "T030111",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2.33"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
},
{
"branches": [
{
"category": "product_version",
"name": "6.2.0",
"product": {
"name": "IBM Tivoli Business Service Manager 6.2.0",
"product_id": "T014092",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0"
}
}
}
],
"category": "product_name",
"name": "Tivoli Business Service Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-30987",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Ein entfernter Angreifer kann diese Schwachstelle mit einer speziell gestalteten Abfrage auf bestimmten Datenbanken ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"67646",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-30987"
},
{
"cve": "CVE-2023-30991",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Ein entfernter Angreifer kann diese Schwachstelle mit einer speziell gestalteten Abfrage ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"T030314",
"67646",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-30991"
},
{
"cve": "CVE-2023-33850",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Dieser Fehler besteht in den GSKit-Crypto-Komponenten aufgrund eines zeitbasierten Seitenkanals in der RSA-Entschl\u00fcsselungsimplementierung. Durch das Senden einer \u00fcberm\u00e4\u00dfig gro\u00dfen Anzahl von Testmeldungen f\u00fcr die Entschl\u00fcsselung kann ein entfernter Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"67646",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-33850"
},
{
"cve": "CVE-2023-38719",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. W\u00e4hrend der Deaktivierung der Datenbank auf DPF kann ein lokaler Angreifer mit besonderen Rechten diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"T030314",
"67646",
"T030315",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-38719"
},
{
"cve": "CVE-2023-38720",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle mit einer speziell gestalteten ALTER TABLE-Anweisung ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"T030314",
"67646",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-38720"
},
{
"cve": "CVE-2023-38728",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann mit einer speziell gestalteten XML-Abfrageanweisung diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"67646",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-38728"
},
{
"cve": "CVE-2023-38740",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle mit einer speziell gestalteten SQL-Anweisung ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"T030314",
"67646",
"T030315",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-38740"
},
{
"cve": "CVE-2023-39976",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Dieser Fehler besteht in der libqb-Komponente, die eine unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung der Grenzen durch die qb_vsnprintf_serialize-Funktion in log_blackbox.c durchf\u00fchrt. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter Angreifer diese Schwachstelle ausnutzen, um einen Puffer\u00fcberlauf zu erzeugen und beliebigen Code auszuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"T030314",
"67646",
"T030315",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-39976"
},
{
"cve": "CVE-2023-40372",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle mit einer speziell gestalteten SQL-Anweisung unter Verwendung von External Tables ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"T030314",
"67646",
"T030315",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-40372"
},
{
"cve": "CVE-2023-40373",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle mit einer speziell gestalteten Abfrage, die allgemeine Tabellenausdr\u00fccke enth\u00e4lt, ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"67646",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-40373"
},
{
"cve": "CVE-2023-40374",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM DB2. Ein entfernter Angreifer kann diese Schwachstelle mit einer speziell gestalteten Abfrageanweisung ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033138",
"T030111",
"T033139",
"T016581",
"T014092",
"T030314",
"67646",
"T030315",
"T033140"
]
},
"release_date": "2023-10-08T22:00:00Z",
"title": "CVE-2023-40374"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…