CVE-2023-46167 (GCVE-0-2023-46167)
Vulnerability from cvelistv5
- CWE-20 - Improper Input Validation
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Db2 for Linux, UNIX and Windows | Version: 11.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:39.913Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7087203", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240112-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Db2 for Linux, UNIX and Windows", vendor: "IBM", versions: [ { status: "affected", version: "11.5", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.", }, ], value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. 
IBM X-Force ID: 269367.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-12T14:06:24.402Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7087203", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367", }, { url: "https://security.netapp.com/advisory/ntap-20240112-0003/", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Db2 denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-46167", datePublished: "2023-12-04T00:04:15.436Z", dateReserved: "2023-10-17T22:30:15.074Z", dateUpdated: "2025-02-13T17:14:18.298Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.5.6\", \"versionEndIncluding\": \"11.5.8\", \"matchCriteriaId\": \"55A0ECDB-9278-4812-A44C-4FDD09898E10\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": 
\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A90CB3A-9BE7-475C-9E75-6ECAD2106302\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.\"}, {\"lang\": \"es\", \"value\": \"El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegaci\\u00f3n de servicio cuando se utiliza un cursor especialmente manipulado. ID de IBM X-Force: 269367.\"}]", id: "CVE-2023-46167", lastModified: "2024-11-21T08:28:00.590", metrics: "{\"cvssMetricV31\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}", published: 
"2023-12-04T01:15:12.147", references: "[{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/269367\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240112-0003/\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"https://www.ibm.com/support/pages/node/7087203\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/269367\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240112-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.ibm.com/support/pages/node/7087203\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2023-46167\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2023-12-04T01:15:12.147\",\"lastModified\":\"2024-11-21T08:28:00.590\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.\"},{\"lang\":\"es\",\"value\":\"El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegación de servicio cuando se utiliza un cursor especialmente manipulado. 
ID de IBM X-Force: 269367.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.6\",\"versionEndIncluding\":\"11.5.8\",\"matchCriteriaId\":\"55A0ECDB-9278-4812-A44C-4FDD09898E10\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:opengroup:
unix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A90CB3A-9BE7-475C-9E75-6ECAD2106302\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/269367\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240112-0003/\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://www.ibm.com/support/pages/node/7087203\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/269367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240112-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ibm.com/support/pages/node/7087203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
fkie_cve-2023-46167
Vulnerability from fkie_nvd
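7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD primary score; the IBM CNA record for the same CVE rates it 5.9 Medium, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, differing only in attack complexity)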
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/269367 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20240112-0003/ | ||
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7087203 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/269367 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240112-0003/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7087203 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", matchCriteriaId: "55A0ECDB-9278-4812-A44C-4FDD09898E10", versionEndIncluding: "11.5.8", versionStartIncluding: "11.5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.", }, { lang: "es", value: "El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegación de servicio cuando se utiliza un cursor especialmente manipulado. 
ID de IBM X-Force: 269367.", }, ], id: "CVE-2023-46167", lastModified: "2024-11-21T08:28:00.590", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T01:15:12.147", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367", }, { source: "psirt@us.ibm.com", url: "https://security.netapp.com/advisory/ntap-20240112-0003/", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7087203", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240112-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7087203", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@us.ibm.com", type: 
"Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2023-46167
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 | ||
IBM | QRadar | QRadar App SDK versions antérieures à 2.2.2 | ||
IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 | ||
IBM | Cloud Pak | Cloud Pak versions antérieures à 2.3.5.0 pour Power | ||
IBM | Cloud Pak | Cloud Pak versions antérieures à 2.3.4.1 pour Intel | ||
IBM | Sterling | Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2 | ||
IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 |
{ $ref: "https://www.cert.ssi.gouv.fr/openapi.json", affected_systems: [ { description: "Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1", product: { name: "Sterling", vendor: { name: "IBM", scada: false, }, }, }, { description: "QRadar App SDK versions antérieures à 2.2.2", product: { name: "QRadar", vendor: { name: "IBM", scada: false, }, }, }, { description: "Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1", product: { name: "Sterling", vendor: { name: "IBM", scada: false, }, }, }, { description: "Cloud Pak versions antérieures à 2.3.5.0 pour Power", product: { name: "Cloud Pak", vendor: { name: "IBM", scada: false, }, }, }, { description: "Cloud Pak versions antérieures à 2.3.4.1 pour Intel", product: { name: "Cloud Pak", vendor: { name: "IBM", scada: false, }, }, }, { description: "Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2", product: { name: "Sterling", vendor: { name: "IBM", scada: false, }, }, }, { description: "Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 ", product: { name: "Sterling", vendor: { name: "IBM", scada: false, }, }, }, ], affected_systems_content: "", content: "## Solutions\n\nSe référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. 
section Documentation).", cves: [ { name: "CVE-2024-20919", url: "https://www.cve.org/CVERecord?id=CVE-2024-20919", }, { name: "CVE-2015-2327", url: "https://www.cve.org/CVERecord?id=CVE-2015-2327", }, { name: "CVE-2023-43642", url: "https://www.cve.org/CVERecord?id=CVE-2023-43642", }, { name: "CVE-2024-37891", url: "https://www.cve.org/CVERecord?id=CVE-2024-37891", }, { name: "CVE-2015-8383", url: "https://www.cve.org/CVERecord?id=CVE-2015-8383", }, { name: "CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { name: "CVE-2023-47747", url: "https://www.cve.org/CVERecord?id=CVE-2023-47747", }, { name: "CVE-2023-47158", url: "https://www.cve.org/CVERecord?id=CVE-2023-47158", }, { name: "CVE-2024-20926", url: "https://www.cve.org/CVERecord?id=CVE-2024-20926", }, { name: "CVE-2023-46167", url: "https://www.cve.org/CVERecord?id=CVE-2023-46167", }, { name: "CVE-2023-38740", url: "https://www.cve.org/CVERecord?id=CVE-2023-38740", }, { name: "CVE-2023-45853", url: "https://www.cve.org/CVERecord?id=CVE-2023-45853", }, { name: "CVE-2023-38719", url: "https://www.cve.org/CVERecord?id=CVE-2023-38719", }, { name: "CVE-2023-45178", url: "https://www.cve.org/CVERecord?id=CVE-2023-45178", }, { name: "CVE-2023-47701", url: "https://www.cve.org/CVERecord?id=CVE-2023-47701", }, { name: "CVE-2023-50308", url: "https://www.cve.org/CVERecord?id=CVE-2023-50308", }, { name: "CVE-2023-40687", url: "https://www.cve.org/CVERecord?id=CVE-2023-40687", }, { name: "CVE-2023-52296", url: "https://www.cve.org/CVERecord?id=CVE-2023-52296", }, { name: "CVE-2015-8381", url: "https://www.cve.org/CVERecord?id=CVE-2015-8381", }, { name: "CVE-2024-25046", url: "https://www.cve.org/CVERecord?id=CVE-2024-25046", }, { name: "CVE-2024-31881", url: "https://www.cve.org/CVERecord?id=CVE-2024-31881", }, { name: "CVE-2015-8392", url: "https://www.cve.org/CVERecord?id=CVE-2015-8392", }, { name: "CVE-2024-20921", url: "https://www.cve.org/CVERecord?id=CVE-2024-20921", }, { name: 
"CVE-2015-8395", url: "https://www.cve.org/CVERecord?id=CVE-2015-8395", }, { name: "CVE-2023-34462", url: "https://www.cve.org/CVERecord?id=CVE-2023-34462", }, { name: "CVE-2015-8393", url: "https://www.cve.org/CVERecord?id=CVE-2015-8393", }, { name: "CVE-2024-31880", url: "https://www.cve.org/CVERecord?id=CVE-2024-31880", }, { name: "CVE-2024-29025", url: "https://www.cve.org/CVERecord?id=CVE-2024-29025", }, { name: "CVE-2024-28762", url: "https://www.cve.org/CVERecord?id=CVE-2024-28762", }, { name: "CVE-2024-34062", url: "https://www.cve.org/CVERecord?id=CVE-2024-34062", }, { name: "CVE-2024-26308", url: "https://www.cve.org/CVERecord?id=CVE-2024-26308", }, { name: "CVE-2023-47746", url: "https://www.cve.org/CVERecord?id=CVE-2023-47746", }, { name: "CVE-2024-27254", url: "https://www.cve.org/CVERecord?id=CVE-2024-27254", }, { name: "CVE-2022-3510", url: "https://www.cve.org/CVERecord?id=CVE-2022-3510", }, { name: "CVE-2022-3509", url: "https://www.cve.org/CVERecord?id=CVE-2022-3509", }, { name: "CVE-2023-47141", url: "https://www.cve.org/CVERecord?id=CVE-2023-47141", }, { name: "CVE-2024-29131", url: "https://www.cve.org/CVERecord?id=CVE-2024-29131", }, { name: "CVE-2015-8388", url: "https://www.cve.org/CVERecord?id=CVE-2015-8388", }, { name: "CVE-2018-25032", url: "https://www.cve.org/CVERecord?id=CVE-2018-25032", }, { name: "CVE-2023-40692", url: "https://www.cve.org/CVERecord?id=CVE-2023-40692", }, { name: "CVE-2023-38003", url: "https://www.cve.org/CVERecord?id=CVE-2023-38003", }, { name: "CVE-2024-25710", url: "https://www.cve.org/CVERecord?id=CVE-2024-25710", }, { name: "CVE-2022-37434", url: "https://www.cve.org/CVERecord?id=CVE-2022-37434", }, { name: "CVE-2024-29133", url: "https://www.cve.org/CVERecord?id=CVE-2024-29133", }, { name: "CVE-2024-35195", url: "https://www.cve.org/CVERecord?id=CVE-2024-35195", }, { name: "CVE-2024-22360", url: "https://www.cve.org/CVERecord?id=CVE-2024-22360", }, { name: "CVE-2024-5569", url: 
"https://www.cve.org/CVERecord?id=CVE-2024-5569", }, { name: "CVE-2023-38729", url: "https://www.cve.org/CVERecord?id=CVE-2023-38729", }, { name: "CVE-2023-33850", url: "https://www.cve.org/CVERecord?id=CVE-2023-33850", }, { name: "CVE-2015-8385", url: "https://www.cve.org/CVERecord?id=CVE-2015-8385", }, { name: "CVE-2015-8394", url: "https://www.cve.org/CVERecord?id=CVE-2015-8394", }, { name: "CVE-2015-8391", url: "https://www.cve.org/CVERecord?id=CVE-2015-8391", }, { name: "CVE-2015-8386", url: "https://www.cve.org/CVERecord?id=CVE-2015-8386", }, { name: "CVE-2015-8387", url: "https://www.cve.org/CVERecord?id=CVE-2015-8387", }, { name: "CVE-2023-38727", url: "https://www.cve.org/CVERecord?id=CVE-2023-38727", }, { name: "CVE-2023-29258", url: "https://www.cve.org/CVERecord?id=CVE-2023-29258", }, { name: "CVE-2023-29267", url: "https://www.cve.org/CVERecord?id=CVE-2023-29267", }, { name: "CVE-2002-0059", url: "https://www.cve.org/CVERecord?id=CVE-2002-0059", }, { name: "CVE-2023-43020", url: "https://www.cve.org/CVERecord?id=CVE-2023-43020", }, { name: "CVE-2023-27859", url: "https://www.cve.org/CVERecord?id=CVE-2023-27859", }, { name: "CVE-2023-32731", url: "https://www.cve.org/CVERecord?id=CVE-2023-32731", }, { name: "CVE-2015-2328", url: "https://www.cve.org/CVERecord?id=CVE-2015-2328", }, { name: "CVE-2024-20918", url: "https://www.cve.org/CVERecord?id=CVE-2024-20918", }, { name: "CVE-2024-3651", url: "https://www.cve.org/CVERecord?id=CVE-2024-3651", }, { name: "CVE-2020-14155", url: "https://www.cve.org/CVERecord?id=CVE-2020-14155", }, { name: "CVE-2023-40374", url: "https://www.cve.org/CVERecord?id=CVE-2023-40374", }, { name: "CVE-2015-8390", url: "https://www.cve.org/CVERecord?id=CVE-2015-8390", }, { name: "CVE-2024-20945", url: "https://www.cve.org/CVERecord?id=CVE-2024-20945", }, { name: "CVE-2022-3171", url: "https://www.cve.org/CVERecord?id=CVE-2022-3171", }, { name: "CVE-2024-39689", url: "https://www.cve.org/CVERecord?id=CVE-2024-39689", }, { name: 
"CVE-2023-40372", url: "https://www.cve.org/CVERecord?id=CVE-2023-40372", }, { name: "CVE-2023-47152", url: "https://www.cve.org/CVERecord?id=CVE-2023-47152", }, { name: "CVE-2012-2677", url: "https://www.cve.org/CVERecord?id=CVE-2012-2677", }, { name: "CVE-2024-20952", url: "https://www.cve.org/CVERecord?id=CVE-2024-20952", }, ], links: [], reference: "CERTFR-2024-AVI-0939", revisions: [ { description: "Version initiale", revision_date: "2024-10-31T00:00:00.000000", }, ], risks: [ { description: "Déni de service à distance", }, { description: "Exécution de code arbitraire à distance", }, { description: "Atteinte à l'intégrité des données", }, { description: "Non spécifié par l'éditeur", }, { description: "Contournement de la politique de sécurité", }, { description: "Atteinte à la confidentialité des données", }, ], summary: "De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.", title: "Multiples vulnérabilités dans les produits IBM", vendor_advisories: [ { published_at: "2024-10-30", title: "Bulletin de sécurité IBM 7174441", url: "https://www.ibm.com/support/pages/node/7174441", }, { published_at: "2024-10-30", title: "Bulletin de sécurité IBM 7174420", url: "https://www.ibm.com/support/pages/node/7174420", }, { published_at: "2024-10-28", title: "Bulletin de sécurité IBM 7169788", url: "https://www.ibm.com/support/pages/node/7169788", }, { published_at: "2024-10-30", title: "Bulletin de sécurité IBM 7174440", url: "https://www.ibm.com/support/pages/node/7174440", }, ], }
CVE-2023-46167
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Db2 | IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0 | ||
IBM | N/A | IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2 | ||
IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05 | ||
IBM | QRadar | IBM QRadar Use Case Manager App versions antérieures à 3.9.0 | ||
IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20 | ||
IBM | WebSphere | IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20 | ||
IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23 | ||
IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6 | ||
IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22 | ||
IBM | Db2 | IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0 | ||
IBM | Spectrum | IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15 | ||
IBM | WebSphere | IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20 | ||
IBM | QRadar WinCollect Agent | IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9 | ||
IBM | Spectrum | IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2 |
{ $ref: "https://www.cert.ssi.gouv.fr/openapi.json", affected_systems: [ { description: "IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2", product: { name: "Db2", vendor: { name: "IBM", scada: false, }, }, }, { description: "QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0", product: { name: "QRadar Suite Software", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2", product: { name: "N/A", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05", product: { name: "QRadar SIEM", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM QRadar Use Case Manager App versions antérieures à 3.9.0", product: { name: "QRadar", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20", product: { name: "WebSphere", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20", product: { name: "WebSphere", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23", product: { name: "Sterling Connect:Direct", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6", product: { name: "Sterling Connect:Direct", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22", product: { name: "Sterling Connect:Direct", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2", 
product: { name: "Db2", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0", product: { name: "Cloud Pak", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15", product: { name: "Spectrum", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20", product: { name: "WebSphere", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9", product: { name: "QRadar WinCollect Agent", vendor: { name: "IBM", scada: false, }, }, }, { description: "IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2", product: { name: "Spectrum", vendor: { name: "IBM", scada: false, }, }, }, ], affected_systems_content: null, content: "## Solution\n\nSe référer au bulletin de sécurité de l'éditeur pour l'obtention des\ncorrectifs (cf. 
section Documentation).\n", cves: [ { name: "CVE-2022-35252", url: "https://www.cve.org/CVERecord?id=CVE-2022-35252", }, { name: "CVE-2023-21938", url: "https://www.cve.org/CVERecord?id=CVE-2023-21938", }, { name: "CVE-2022-32189", url: "https://www.cve.org/CVERecord?id=CVE-2022-32189", }, { name: "CVE-2015-2327", url: "https://www.cve.org/CVERecord?id=CVE-2015-2327", }, { name: "CVE-2023-6681", url: "https://www.cve.org/CVERecord?id=CVE-2023-6681", }, { name: "CVE-2023-43642", url: "https://www.cve.org/CVERecord?id=CVE-2023-43642", }, { name: "CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { name: "CVE-2023-46218", url: "https://www.cve.org/CVERecord?id=CVE-2023-46218", }, { name: "CVE-2023-49082", url: "https://www.cve.org/CVERecord?id=CVE-2023-49082", }, { name: "CVE-2015-8383", url: "https://www.cve.org/CVERecord?id=CVE-2015-8383", }, { name: "CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { name: "CVE-2023-45857", url: "https://www.cve.org/CVERecord?id=CVE-2023-45857", }, { name: "CVE-2023-45142", url: "https://www.cve.org/CVERecord?id=CVE-2023-45142", }, { name: "CVE-2023-34053", url: "https://www.cve.org/CVERecord?id=CVE-2023-34053", }, { name: "CVE-2022-27781", url: "https://www.cve.org/CVERecord?id=CVE-2022-27781", }, { name: "CVE-2021-22925", url: "https://www.cve.org/CVERecord?id=CVE-2021-22925", }, { name: "CVE-2023-46308", url: "https://www.cve.org/CVERecord?id=CVE-2023-46308", }, { name: "CVE-2023-46234", url: "https://www.cve.org/CVERecord?id=CVE-2023-46234", }, { name: "CVE-2023-38546", url: "https://www.cve.org/CVERecord?id=CVE-2023-38546", }, { name: "CVE-2023-47747", url: "https://www.cve.org/CVERecord?id=CVE-2023-47747", }, { name: "CVE-2023-47158", url: "https://www.cve.org/CVERecord?id=CVE-2023-47158", }, { name: "CVE-2022-23529", url: "https://www.cve.org/CVERecord?id=CVE-2022-23529", }, { name: "CVE-2023-34054", url: "https://www.cve.org/CVERecord?id=CVE-2023-34054", }, { name: 
"CVE-2023-30991", url: "https://www.cve.org/CVERecord?id=CVE-2023-30991", }, { name: "CVE-2023-29404", url: "https://www.cve.org/CVERecord?id=CVE-2023-29404", }, { name: "CVE-2023-21954", url: "https://www.cve.org/CVERecord?id=CVE-2023-21954", }, { name: "CVE-2022-4304", url: "https://www.cve.org/CVERecord?id=CVE-2022-4304", }, { name: "CVE-2023-37920", url: "https://www.cve.org/CVERecord?id=CVE-2023-37920", }, { name: "CVE-2023-21939", url: "https://www.cve.org/CVERecord?id=CVE-2023-21939", }, { name: "CVE-2023-46167", url: "https://www.cve.org/CVERecord?id=CVE-2023-46167", }, { name: "CVE-2022-24921", url: "https://www.cve.org/CVERecord?id=CVE-2022-24921", }, { name: "CVE-2023-38740", url: "https://www.cve.org/CVERecord?id=CVE-2023-38740", }, { name: "CVE-2022-32208", url: "https://www.cve.org/CVERecord?id=CVE-2022-32208", }, { name: "CVE-2022-28327", url: "https://www.cve.org/CVERecord?id=CVE-2022-28327", }, { name: "CVE-2022-1292", url: "https://www.cve.org/CVERecord?id=CVE-2022-1292", }, { name: "CVE-2021-33196", url: "https://www.cve.org/CVERecord?id=CVE-2021-33196", }, { name: "CVE-2021-31525", url: "https://www.cve.org/CVERecord?id=CVE-2021-31525", }, { name: "CVE-2023-38719", url: "https://www.cve.org/CVERecord?id=CVE-2023-38719", }, { name: "CVE-2023-30987", url: "https://www.cve.org/CVERecord?id=CVE-2023-30987", }, { name: "CVE-2023-45178", url: "https://www.cve.org/CVERecord?id=CVE-2023-45178", }, { name: "CVE-2023-47701", url: "https://www.cve.org/CVERecord?id=CVE-2023-47701", }, { name: "CVE-2022-41725", url: "https://www.cve.org/CVERecord?id=CVE-2022-41725", }, { name: "CVE-2023-23936", url: "https://www.cve.org/CVERecord?id=CVE-2023-23936", }, { name: "CVE-2023-50308", url: "https://www.cve.org/CVERecord?id=CVE-2023-50308", }, { name: "CVE-2021-33198", url: "https://www.cve.org/CVERecord?id=CVE-2021-33198", }, { name: "CVE-2023-40687", url: "https://www.cve.org/CVERecord?id=CVE-2023-40687", }, { name: "CVE-2022-30635", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { name: "CVE-2015-8381", url: "https://www.cve.org/CVERecord?id=CVE-2015-8381", }, { name: "CVE-2022-41715", url: "https://www.cve.org/CVERecord?id=CVE-2022-41715", }, { name: "CVE-2020-16845", url: "https://www.cve.org/CVERecord?id=CVE-2020-16845", }, { name: "CVE-2023-0215", url: "https://www.cve.org/CVERecord?id=CVE-2023-0215", }, { name: "CVE-2023-0286", url: "https://www.cve.org/CVERecord?id=CVE-2023-0286", }, { name: "CVE-2022-25883", url: "https://www.cve.org/CVERecord?id=CVE-2022-25883", }, { name: "CVE-2015-8392", url: "https://www.cve.org/CVERecord?id=CVE-2015-8392", }, { name: "CVE-2022-3515", url: "https://www.cve.org/CVERecord?id=CVE-2022-3515", }, { name: "CVE-2023-29403", url: "https://www.cve.org/CVERecord?id=CVE-2023-29403", }, { name: "CVE-2022-27776", url: "https://www.cve.org/CVERecord?id=CVE-2022-27776", }, { name: "CVE-2020-28367", url: "https://www.cve.org/CVERecord?id=CVE-2020-28367", }, { name: "CVE-2024-20921", url: "https://www.cve.org/CVERecord?id=CVE-2024-20921", }, { name: "CVE-2023-4807", url: "https://www.cve.org/CVERecord?id=CVE-2023-4807", }, { name: "CVE-2023-44270", url: "https://www.cve.org/CVERecord?id=CVE-2023-44270", }, { name: "CVE-2015-8395", url: "https://www.cve.org/CVERecord?id=CVE-2015-8395", }, { name: "CVE-2023-28322", url: "https://www.cve.org/CVERecord?id=CVE-2023-28322", }, { name: "CVE-2023-34462", url: "https://www.cve.org/CVERecord?id=CVE-2023-34462", }, { name: "CVE-2023-29405", url: "https://www.cve.org/CVERecord?id=CVE-2023-29405", }, { name: "CVE-2021-38297", url: "https://www.cve.org/CVERecord?id=CVE-2021-38297", }, { name: "CVE-2015-8393", url: "https://www.cve.org/CVERecord?id=CVE-2015-8393", }, { name: "CVE-2022-30629", url: "https://www.cve.org/CVERecord?id=CVE-2022-30629", }, { name: "CVE-2022-23541", url: "https://www.cve.org/CVERecord?id=CVE-2022-23541", }, { name: "CVE-2023-44487", url: "https://www.cve.org/CVERecord?id=CVE-2023-44487", }, { 
name: "CVE-2023-5363", url: "https://www.cve.org/CVERecord?id=CVE-2023-5363", }, { name: "CVE-2023-45133", url: "https://www.cve.org/CVERecord?id=CVE-2023-45133", }, { name: "CVE-2023-47627", url: "https://www.cve.org/CVERecord?id=CVE-2023-47627", }, { name: "CVE-2023-26049", url: "https://www.cve.org/CVERecord?id=CVE-2023-26049", }, { name: "CVE-2022-2068", url: "https://www.cve.org/CVERecord?id=CVE-2022-2068", }, { name: "CVE-2023-26115", url: "https://www.cve.org/CVERecord?id=CVE-2023-26115", }, { name: "CVE-2023-0466", url: "https://www.cve.org/CVERecord?id=CVE-2023-0466", }, { name: "CVE-2023-32559", url: "https://www.cve.org/CVERecord?id=CVE-2023-32559", }, { name: "CVE-2022-27782", url: "https://www.cve.org/CVERecord?id=CVE-2022-27782", }, { name: "CVE-2023-4586", url: "https://www.cve.org/CVERecord?id=CVE-2023-4586", }, { name: "CVE-2022-32149", url: "https://www.cve.org/CVERecord?id=CVE-2022-32149", }, { name: "CVE-2023-40373", url: "https://www.cve.org/CVERecord?id=CVE-2023-40373", }, { name: "CVE-2023-0465", url: "https://www.cve.org/CVERecord?id=CVE-2023-0465", }, { name: "CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { name: "CVE-2023-22081", url: "https://www.cve.org/CVERecord?id=CVE-2023-22081", }, { name: "CVE-2023-20569", url: "https://www.cve.org/CVERecord?id=CVE-2023-20569", }, { name: "CVE-2023-4206", url: "https://www.cve.org/CVERecord?id=CVE-2023-4206", }, { name: "CVE-2023-38728", url: "https://www.cve.org/CVERecord?id=CVE-2023-38728", }, { name: "CVE-2021-41771", url: "https://www.cve.org/CVERecord?id=CVE-2021-41771", }, { name: "CVE-2023-28320", url: "https://www.cve.org/CVERecord?id=CVE-2023-28320", }, { name: "CVE-2023-3611", url: "https://www.cve.org/CVERecord?id=CVE-2023-3611", }, { name: "CVE-2021-33197", url: "https://www.cve.org/CVERecord?id=CVE-2021-33197", }, { name: "CVE-2023-4128", url: "https://www.cve.org/CVERecord?id=CVE-2023-4128", }, { name: "CVE-2022-29244", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-29244", }, { name: "CVE-2021-27918", url: "https://www.cve.org/CVERecord?id=CVE-2021-27918", }, { name: "CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { name: "CVE-2023-46219", url: "https://www.cve.org/CVERecord?id=CVE-2023-46219", }, { name: "CVE-2021-4160", url: "https://www.cve.org/CVERecord?id=CVE-2021-4160", }, { name: "CVE-2023-32360", url: "https://www.cve.org/CVERecord?id=CVE-2023-32360", }, { name: "CVE-2023-47746", url: "https://www.cve.org/CVERecord?id=CVE-2023-47746", }, { name: "CVE-2022-43552", url: "https://www.cve.org/CVERecord?id=CVE-2022-43552", }, { name: "CVE-2022-3786", url: "https://www.cve.org/CVERecord?id=CVE-2022-3786", }, { name: "CVE-2023-38552", url: "https://www.cve.org/CVERecord?id=CVE-2023-38552", }, { name: "CVE-2021-22947", url: "https://www.cve.org/CVERecord?id=CVE-2021-22947", }, { name: "CVE-2023-28319", url: "https://www.cve.org/CVERecord?id=CVE-2023-28319", }, { name: "CVE-2020-15586", url: "https://www.cve.org/CVERecord?id=CVE-2020-15586", }, { name: "CVE-2021-22922", url: "https://www.cve.org/CVERecord?id=CVE-2021-22922", }, { name: "CVE-2022-23540", url: "https://www.cve.org/CVERecord?id=CVE-2022-23540", }, { name: "CVE-2022-22576", url: "https://www.cve.org/CVERecord?id=CVE-2022-22576", }, { name: "CVE-2021-39293", url: "https://www.cve.org/CVERecord?id=CVE-2021-39293", }, { name: "CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { name: "CVE-2023-42795", url: "https://www.cve.org/CVERecord?id=CVE-2023-42795", }, { name: "CVE-2023-4207", url: "https://www.cve.org/CVERecord?id=CVE-2023-4207", }, { name: "CVE-2022-3510", url: "https://www.cve.org/CVERecord?id=CVE-2022-3510", }, { name: "CVE-2022-3509", url: "https://www.cve.org/CVERecord?id=CVE-2022-3509", }, { name: "CVE-2021-22946", url: "https://www.cve.org/CVERecord?id=CVE-2021-22946", }, { name: "CVE-2023-39318", url: "https://www.cve.org/CVERecord?id=CVE-2023-39318", }, { 
name: "CVE-2023-37276", url: "https://www.cve.org/CVERecord?id=CVE-2023-37276", }, { name: "CVE-2023-23920", url: "https://www.cve.org/CVERecord?id=CVE-2023-23920", }, { name: "CVE-2022-41716", url: "https://www.cve.org/CVERecord?id=CVE-2022-41716", }, { name: "CVE-2023-20593", url: "https://www.cve.org/CVERecord?id=CVE-2023-20593", }, { name: "CVE-2021-3711", url: "https://www.cve.org/CVERecord?id=CVE-2021-3711", }, { name: "CVE-2023-38720", url: "https://www.cve.org/CVERecord?id=CVE-2023-38720", }, { name: "CVE-2023-34055", url: "https://www.cve.org/CVERecord?id=CVE-2023-34055", }, { name: "CVE-2023-0464", url: "https://www.cve.org/CVERecord?id=CVE-2023-0464", }, { name: "CVE-2022-24999", url: "https://www.cve.org/CVERecord?id=CVE-2022-24999", }, { name: "CVE-2023-47141", url: "https://www.cve.org/CVERecord?id=CVE-2023-47141", }, { name: "CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { name: "CVE-2023-23918", url: "https://www.cve.org/CVERecord?id=CVE-2023-23918", }, { name: "CVE-2015-8388", url: "https://www.cve.org/CVERecord?id=CVE-2015-8388", }, { name: "CVE-2018-25032", url: "https://www.cve.org/CVERecord?id=CVE-2018-25032", }, { name: "CVE-2023-40692", url: "https://www.cve.org/CVERecord?id=CVE-2023-40692", }, { name: "CVE-2021-41190", url: "https://www.cve.org/CVERecord?id=CVE-2021-41190", }, { name: "CVE-2023-45193", url: "https://www.cve.org/CVERecord?id=CVE-2023-45193", }, { name: "CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { name: "CVE-2023-38003", url: "https://www.cve.org/CVERecord?id=CVE-2023-38003", }, { name: "CVE-2023-45648", url: "https://www.cve.org/CVERecord?id=CVE-2023-45648", }, { name: "CVE-2023-45803", url: "https://www.cve.org/CVERecord?id=CVE-2023-45803", }, { name: "CVE-2023-29406", url: "https://www.cve.org/CVERecord?id=CVE-2023-29406", }, { name: "CVE-2023-39319", url: "https://www.cve.org/CVERecord?id=CVE-2023-39319", }, { name: "CVE-2023-47145", url: 
"https://www.cve.org/CVERecord?id=CVE-2023-47145", }, { name: "CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { name: "CVE-2024-22190", url: "https://www.cve.org/CVERecord?id=CVE-2024-22190", }, { name: "CVE-2022-41717", url: "https://www.cve.org/CVERecord?id=CVE-2022-41717", }, { name: "CVE-2023-28321", url: "https://www.cve.org/CVERecord?id=CVE-2023-28321", }, { name: "CVE-2023-24536", url: "https://www.cve.org/CVERecord?id=CVE-2023-24536", }, { name: "CVE-2022-32221", url: "https://www.cve.org/CVERecord?id=CVE-2022-32221", }, { name: "CVE-2022-37434", url: "https://www.cve.org/CVERecord?id=CVE-2022-37434", }, { name: "CVE-2022-40982", url: "https://www.cve.org/CVERecord?id=CVE-2022-40982", }, { name: "CVE-2023-39976", url: "https://www.cve.org/CVERecord?id=CVE-2023-39976", }, { name: "CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { name: "CVE-2023-38325", url: "https://www.cve.org/CVERecord?id=CVE-2023-38325", }, { name: "CVE-2023-4208", url: "https://www.cve.org/CVERecord?id=CVE-2023-4208", }, { name: "CVE-2020-8244", url: "https://www.cve.org/CVERecord?id=CVE-2020-8244", }, { name: "CVE-2022-24675", url: "https://www.cve.org/CVERecord?id=CVE-2022-24675", }, { name: "CVE-2022-23806", url: "https://www.cve.org/CVERecord?id=CVE-2022-23806", }, { name: "CVE-2020-19909", url: "https://www.cve.org/CVERecord?id=CVE-2020-19909", }, { name: "CVE-2022-48337", url: "https://www.cve.org/CVERecord?id=CVE-2022-48337", }, { name: "CVE-2023-3776", url: "https://www.cve.org/CVERecord?id=CVE-2023-3776", }, { name: "CVE-2021-36221", url: "https://www.cve.org/CVERecord?id=CVE-2021-36221", }, { name: "CVE-2023-44981", url: "https://www.cve.org/CVERecord?id=CVE-2023-44981", }, { name: "CVE-2022-2880", url: "https://www.cve.org/CVERecord?id=CVE-2022-2880", }, { name: "CVE-2023-21937", url: "https://www.cve.org/CVERecord?id=CVE-2023-21937", }, { name: "CVE-2022-23773", url: "https://www.cve.org/CVERecord?id=CVE-2022-23773", }, 
{ name: "CVE-2023-24539", url: "https://www.cve.org/CVERecord?id=CVE-2023-24539", }, { name: "CVE-2021-34558", url: "https://www.cve.org/CVERecord?id=CVE-2021-34558", }, { name: "CVE-2022-23539", url: "https://www.cve.org/CVERecord?id=CVE-2022-23539", }, { name: "CVE-2022-4450", url: "https://www.cve.org/CVERecord?id=CVE-2022-4450", }, { name: "CVE-2023-33850", url: "https://www.cve.org/CVERecord?id=CVE-2023-33850", }, { name: "CVE-2023-2650", url: "https://www.cve.org/CVERecord?id=CVE-2023-2650", }, { name: "CVE-2015-8385", url: "https://www.cve.org/CVERecord?id=CVE-2015-8385", }, { name: "CVE-2015-8394", url: "https://www.cve.org/CVERecord?id=CVE-2015-8394", }, { name: "CVE-2020-29510", url: "https://www.cve.org/CVERecord?id=CVE-2020-29510", }, { name: "CVE-2022-2879", url: "https://www.cve.org/CVERecord?id=CVE-2022-2879", }, { name: "CVE-2023-24532", url: "https://www.cve.org/CVERecord?id=CVE-2023-24532", }, { name: "CVE-2015-8391", url: "https://www.cve.org/CVERecord?id=CVE-2015-8391", }, { name: "CVE-2015-8386", url: "https://www.cve.org/CVERecord?id=CVE-2015-8386", }, { name: "CVE-2022-23772", url: "https://www.cve.org/CVERecord?id=CVE-2022-23772", }, { name: "CVE-2023-2597", url: "https://www.cve.org/CVERecord?id=CVE-2023-2597", }, { name: "CVE-2021-41772", url: "https://www.cve.org/CVERecord?id=CVE-2021-41772", }, { name: "CVE-2024-0727", url: "https://www.cve.org/CVERecord?id=CVE-2024-0727", }, { name: "CVE-2023-6129", url: "https://www.cve.org/CVERecord?id=CVE-2023-6129", }, { name: "CVE-2022-48339", url: "https://www.cve.org/CVERecord?id=CVE-2022-48339", }, { name: "CVE-2015-8387", url: "https://www.cve.org/CVERecord?id=CVE-2015-8387", }, { name: "CVE-2023-49081", url: "https://www.cve.org/CVERecord?id=CVE-2023-49081", }, { name: "CVE-2021-3114", url: "https://www.cve.org/CVERecord?id=CVE-2021-3114", }, { name: "CVE-2023-29400", url: "https://www.cve.org/CVERecord?id=CVE-2023-29400", }, { name: "CVE-2022-25881", url: 
"https://www.cve.org/CVERecord?id=CVE-2022-25881", }, { name: "CVE-2022-43548", url: "https://www.cve.org/CVERecord?id=CVE-2022-43548", }, { name: "CVE-2023-38727", url: "https://www.cve.org/CVERecord?id=CVE-2023-38727", }, { name: "CVE-2021-29923", url: "https://www.cve.org/CVERecord?id=CVE-2021-29923", }, { name: "CVE-2022-0778", url: "https://www.cve.org/CVERecord?id=CVE-2022-0778", }, { name: "CVE-2022-41724", url: "https://www.cve.org/CVERecord?id=CVE-2022-41724", }, { name: "CVE-2023-23919", url: "https://www.cve.org/CVERecord?id=CVE-2023-23919", }, { name: "CVE-2020-24553", url: "https://www.cve.org/CVERecord?id=CVE-2020-24553", }, { name: "CVE-2023-29258", url: "https://www.cve.org/CVERecord?id=CVE-2023-29258", }, { name: "CVE-2021-44716", url: "https://www.cve.org/CVERecord?id=CVE-2021-44716", }, { name: "CVE-2023-34062", url: "https://www.cve.org/CVERecord?id=CVE-2023-34062", }, { name: "CVE-2020-28362", url: "https://www.cve.org/CVERecord?id=CVE-2020-28362", }, { name: "CVE-2023-5676", url: "https://www.cve.org/CVERecord?id=CVE-2023-5676", }, { name: "CVE-2022-36046", url: "https://www.cve.org/CVERecord?id=CVE-2022-36046", }, { name: "CVE-2022-2097", url: "https://www.cve.org/CVERecord?id=CVE-2022-2097", }, { name: "CVE-2021-33194", url: "https://www.cve.org/CVERecord?id=CVE-2021-33194", }, { name: "CVE-2023-24540", url: "https://www.cve.org/CVERecord?id=CVE-2023-24540", }, { name: "CVE-2022-32206", url: "https://www.cve.org/CVERecord?id=CVE-2022-32206", }, { name: "CVE-2002-0059", url: "https://www.cve.org/CVERecord?id=CVE-2002-0059", }, { name: "CVE-2023-43020", url: "https://www.cve.org/CVERecord?id=CVE-2023-43020", }, { name: "CVE-2021-3712", url: "https://www.cve.org/CVERecord?id=CVE-2021-3712", }, { name: "CVE-2023-21968", url: "https://www.cve.org/CVERecord?id=CVE-2023-21968", }, { name: "CVE-2023-24537", url: "https://www.cve.org/CVERecord?id=CVE-2023-24537", }, { name: "CVE-2023-27859", url: "https://www.cve.org/CVERecord?id=CVE-2023-27859", }, 
{ name: "CVE-2023-32731", url: "https://www.cve.org/CVERecord?id=CVE-2023-32731", }, { name: "CVE-2023-21930", url: "https://www.cve.org/CVERecord?id=CVE-2023-21930", }, { name: "CVE-2021-22926", url: "https://www.cve.org/CVERecord?id=CVE-2021-22926", }, { name: "CVE-2015-2328", url: "https://www.cve.org/CVERecord?id=CVE-2015-2328", }, { name: "CVE-2024-20918", url: "https://www.cve.org/CVERecord?id=CVE-2024-20918", }, { name: "CVE-2022-30580", url: "https://www.cve.org/CVERecord?id=CVE-2022-30580", }, { name: "CVE-2023-32006", url: "https://www.cve.org/CVERecord?id=CVE-2023-32006", }, { name: "CVE-2023-24538", url: "https://www.cve.org/CVERecord?id=CVE-2023-24538", }, { name: "CVE-2020-14155", url: "https://www.cve.org/CVERecord?id=CVE-2020-14155", }, { name: "CVE-2022-3602", url: "https://www.cve.org/CVERecord?id=CVE-2022-3602", }, { name: "CVE-2023-2976", url: "https://www.cve.org/CVERecord?id=CVE-2023-2976", }, { name: "CVE-2023-36665", url: "https://www.cve.org/CVERecord?id=CVE-2023-36665", }, { name: "CVE-2023-46158", url: "https://www.cve.org/CVERecord?id=CVE-2023-46158", }, { name: "CVE-2021-22923", url: "https://www.cve.org/CVERecord?id=CVE-2021-22923", }, { name: "CVE-2022-41723", url: "https://www.cve.org/CVERecord?id=CVE-2022-41723", }, { name: "CVE-2023-40374", url: "https://www.cve.org/CVERecord?id=CVE-2023-40374", }, { name: "CVE-2015-8390", url: "https://www.cve.org/CVERecord?id=CVE-2015-8390", }, { name: "CVE-2023-46589", url: "https://www.cve.org/CVERecord?id=CVE-2023-46589", }, { name: "CVE-2023-39323", url: "https://www.cve.org/CVERecord?id=CVE-2023-39323", }, { name: "CVE-2023-29402", url: "https://www.cve.org/CVERecord?id=CVE-2023-29402", }, { name: "CVE-2023-26048", url: "https://www.cve.org/CVERecord?id=CVE-2023-26048", }, { name: "CVE-2023-39331", url: "https://www.cve.org/CVERecord?id=CVE-2023-39331", }, { name: "CVE-2023-29409", url: "https://www.cve.org/CVERecord?id=CVE-2023-29409", }, { name: "CVE-2023-32681", url: 
"https://www.cve.org/CVERecord?id=CVE-2023-32681", }, { name: "CVE-2024-20945", url: "https://www.cve.org/CVERecord?id=CVE-2024-20945", }, { name: "CVE-2023-24534", url: "https://www.cve.org/CVERecord?id=CVE-2023-24534", }, { name: "CVE-2023-3446", url: "https://www.cve.org/CVERecord?id=CVE-2023-3446", }, { name: "CVE-2022-3171", url: "https://www.cve.org/CVERecord?id=CVE-2022-3171", }, { name: "CVE-2023-39332", url: "https://www.cve.org/CVERecord?id=CVE-2023-39332", }, { name: "CVE-2023-21967", url: "https://www.cve.org/CVERecord?id=CVE-2023-21967", }, { name: "CVE-2020-14039", url: "https://www.cve.org/CVERecord?id=CVE-2020-14039", }, { name: "CVE-2023-40372", url: "https://www.cve.org/CVERecord?id=CVE-2023-40372", }, { name: "CVE-2023-26159", url: "https://www.cve.org/CVERecord?id=CVE-2023-26159", }, { name: "CVE-2023-5678", url: "https://www.cve.org/CVERecord?id=CVE-2023-5678", }, { name: "CVE-2023-47152", url: "https://www.cve.org/CVERecord?id=CVE-2023-47152", }, { name: "CVE-2023-32002", url: "https://www.cve.org/CVERecord?id=CVE-2023-32002", }, { name: "CVE-2020-28366", url: "https://www.cve.org/CVERecord?id=CVE-2020-28366", }, { name: "CVE-2024-20952", url: "https://www.cve.org/CVERecord?id=CVE-2024-20952", }, { name: "CVE-2021-33195", url: "https://www.cve.org/CVERecord?id=CVE-2021-33195", }, { name: "CVE-2022-27664", url: "https://www.cve.org/CVERecord?id=CVE-2022-27664", }, { name: "CVE-2023-38545", url: "https://www.cve.org/CVERecord?id=CVE-2023-38545", }, { name: "CVE-2023-23916", url: "https://www.cve.org/CVERecord?id=CVE-2023-23916", }, ], links: [], reference: "CERTFR-2024-AVI-0145", revisions: [ { description: "Version initiale", revision_date: "2024-02-16T00:00:00.000000", }, ], risks: [ { description: "Exécution de code arbitraire à distance", }, { description: "Élévation de privilèges", }, { description: "Atteinte à la confidentialité des données", }, { description: "Atteinte à l'intégrité des données", }, { description: "Déni de service", }, { 
description: "Contournement de la politique de sécurité", }, { description: "Injection de requêtes illégitimes par rebond (CSRF)", }, { description: "Injection de code indirecte à distance (XSS)", }, { description: "Non spécifié par l'éditeur", }, ], summary: "De multiples vulnérabilités ont été découvertes dans <span\nclass=\"textit\">les produits IBM</span>. Certaines d'entre elles\npermettent à un attaquant de provoquer une atteinte à la confidentialité\ndes données, une exécution de code arbitraire à distance et une\nélévation de privilèges.\n", title: "Multiples vulnérabilités dans les produits IBM", vendor_advisories: [ { published_at: null, title: "Bulletin de sécurité IBM 7117872 du 14 février 2024", url: "https://www.ibm.com/support/pages/node/7117872", }, { published_at: null, title: "Bulletin de sécurité IBM 7118592 du 16 février 2024", url: "https://www.ibm.com/support/pages/node/7118592", }, { published_at: null, title: "Bulletin de sécurité IBM 7117873 du 14 février 2024", url: "https://www.ibm.com/support/pages/node/7117873", }, { published_at: null, title: "Bulletin de sécurité IBM 7118289 du 15 février 2024", url: "https://www.ibm.com/support/pages/node/7118289", }, { published_at: null, title: "Bulletin de sécurité IBM 7118351 du 15 février 2024", url: "https://www.ibm.com/support/pages/node/7118351", }, { published_at: null, title: "Bulletin de sécurité IBM 7117821 du 14 février 2024", url: "https://www.ibm.com/support/pages/node/7117821", }, { published_at: null, title: "Bulletin de sécurité IBM 7117883 du 14 février 2024", url: "https://www.ibm.com/support/pages/node/7117883", }, { published_at: null, title: "Bulletin de sécurité IBM 7117881 du 14 février 2024", url: "https://www.ibm.com/support/pages/node/7117881", }, { published_at: null, title: "Bulletin de sécurité IBM 7117884 du 14 février 2024", url: "https://www.ibm.com/support/pages/node/7117884", }, ], }
cnvd-2023-98170
Vulnerability from cnvd
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://www.ibm.com/support/pages/node/7087203
Name |
---|
IBM DB2 >=11.5.6,<=11.5.8 |
{ cves: { cve: { cveNumber: "CVE-2023-46167", cveUrl: "https://nvd.nist.gov/vuln/detail/CVE-2023-46167", }, }, description: "IBM Db2是美国国际商业机器(IBM)公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBMi、z/OS以及Windows服务器版本。\n\nIBM DB2存在输入验证错误漏洞,该漏洞源于当使用特制游标时,容易受到拒绝服务攻击。攻击者可以利用该漏洞造成DoS。", formalWay: "目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:\r\nhttps://www.ibm.com/support/pages/node/7087203", isEvent: "通用软硬件漏洞", number: "CNVD-2023-98170", openTime: "2023-12-19", patchDescription: "IBM Db2是美国国际商业机器(IBM)公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBMi、z/OS以及Windows服务器版本。\r\n\r\nIBM DB2存在输入验证错误漏洞,该漏洞源于当使用特制游标时,容易受到拒绝服务攻击。攻击者可以利用该漏洞造成DoS。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。", patchName: "IBM DB2输入验证错误漏洞(CNVD-2023-9817085)的补丁", products: { product: "IBM DB2 >=11.5.6,<=11.5.8", }, referenceLink: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46167", serverity: "高", submitTime: "2023-12-08", title: "IBM DB2输入验证错误漏洞(CNVD-2023-9817085)", }
ghsa-w6g4-j7xw-wrv7
Vulnerability from github
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
{ affected: [], aliases: [ "CVE-2023-46167", ], database_specific: { cwe_ids: [ "CWE-20", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2023-12-04T01:15:12Z", severity: "MODERATE", }, details: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.", id: "GHSA-w6g4-j7xw-wrv7", modified: "2023-12-04T03:30:27Z", published: "2023-12-04T03:30:27Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46167", }, { type: "WEB", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20240112-0003", }, { type: "WEB", url: "https://www.ibm.com/support/pages/node/7087203", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
wid-sec-w-2023-3048
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen oder beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-3048 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3048.json", }, { category: "self", summary: "WID-SEC-2023-3048 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3048", }, { category: "external", summary: "IBM Security Bulletin 7111596 vom 2024-01-24", url: "https://www.ibm.com/support/pages/node/7111596", }, { category: "external", summary: "IBM Security Bulletin 7095587 vom 2023-12-12", url: "https://www.ibm.com/support/pages/node/7095587", }, { category: "external", summary: "IBM Security Bulletin 7096699 vom 2023-12-14", url: "https://www.ibm.com/support/pages/node/7096699", }, { category: "external", summary: "IBM Security 
Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087157", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087207", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7078681", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087143", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087149", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087180", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087197", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087203", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087218", }, { category: "external", summary: "GitHub Advisory Database vom 2023-12-03", url: "https://github.com/advisories/GHSA-4xmg-9frg-c434", }, { category: "external", summary: "GitHub Advisory Database vom 2023-12-03", url: "https://github.com/advisories/GHSA-6wj8-32mg-qhm6", }, { category: "external", summary: "IBM Security Bulletin 7159926 vom 2024-07-10", url: "https://www.ibm.com/support/pages/node/7159926", }, { category: "external", summary: "IBM Security Bulletin 7168022 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168022", }, { category: "external", summary: "HCL Security Advisory vom 2024-11-30", url: "https://support.hcl-software.com/community?id=community_blog&sys_id=ab451f7ffb0a5210db10f2797befdcca", }, ], source_lang: "en-US", title: "IBM DB2: Mehrere Schwachstellen", tracking: { current_release_date: 
"2024-12-01T23:00:00.000+00:00", generator: { date: "2024-12-02T09:04:08.741+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2023-3048", initial_release_date: "2023-12-03T23:00:00.000+00:00", revision_history: [ { date: "2023-12-03T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-04T23:00:00.000+00:00", number: "2", summary: "doppelten Eintrag entfernt", }, { date: "2023-12-12T23:00:00.000+00:00", number: "3", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-12-13T23:00:00.000+00:00", number: "4", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-24T23:00:00.000+00:00", number: "5", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-07-09T22:00:00.000+00:00", number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-09-10T22:00:00.000+00:00", number: "7", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-12-01T23:00:00.000+00:00", number: "8", summary: "Neue Updates von HCL aufgenommen", }, ], status: "final", version: "8", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "HCL Commerce", product: { name: "HCL Commerce", product_id: "T019293", product_identification_helper: { cpe: "cpe:/a:hcltechsw:commerce:-", }, }, }, ], category: "vendor", name: "HCL", }, { branches: [ { branches: [ { category: "product_version", name: "11.1", product: { name: "IBM DB2 11.1", product_id: "342000", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.1", }, }, }, { category: "product_version", name: "11.5", product: { name: "IBM DB2 11.5", product_id: "T031444", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.5", }, }, }, { category: "product_version", name: "10.5", product: { name: "IBM DB2 10.5", product_id: "T031445", product_identification_helper: { cpe: "cpe:/a:ibm:db2:10.5", }, }, }, ], category: "product_name", name: "DB2", }, { branches: [ { category: "product_version", name: "9.2", 
product: { name: "IBM License Metric Tool 9.2", product_id: "T031605", product_identification_helper: { cpe: "cpe:/a:ibm:license_metric_tool:9.2", }, }, }, ], category: "product_name", name: "License Metric Tool", }, { branches: [ { category: "product_version", name: "Key Lifecycle Manager 3.0", product: { name: "IBM Security Guardium Key Lifecycle Manager 3.0", product_id: "T021011", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_3.0", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 4.0", product: { name: "IBM Security Guardium Key Lifecycle Manager 4.0", product_id: "T021012", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.0", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 3.0.1", product: { name: "IBM Security Guardium Key Lifecycle Manager 3.0.1", product_id: "T021013", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_3.0.1", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 4.2", product: { name: "IBM Security Guardium Key Lifecycle Manager 4.2", product_id: "T027545", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 4.1", product: { name: "IBM Security Guardium Key Lifecycle Manager 4.1", product_id: "T029695", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 4.1.1", product: { name: "IBM Security Guardium Key Lifecycle Manager 4.1.1", product_id: "T029696", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1", }, }, }, ], category: "product_name", name: "Security Guardium", }, { branches: [ { category: "product_version", name: "6.2.0", product: { name: "IBM Tivoli Business Service Manager 6.2.0", 
product_id: "T014092", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_business_service_manager:6.2.0", }, }, }, { category: "product_version_range", name: "<6.2.0.5 IF5", product: { name: "IBM Tivoli Business Service Manager <6.2.0.5 IF5", product_id: "T037436", }, }, { category: "product_version", name: "6.2.0.5 IF5", product: { name: "IBM Tivoli Business Service Manager 6.2.0.5 IF5", product_id: "T037436-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.5_if5", }, }, }, ], category: "product_name", name: "Tivoli Business Service Manager", }, { category: "product_name", name: "IBM Tivoli Key Lifecycle Manager", product: { name: "IBM Tivoli Key Lifecycle Manager", product_id: "T026238", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_key_lifecycle_manager:-", }, }, }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-29258", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-29258", }, { cve: "CVE-2023-38727", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. 
Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-38727", }, { cve: "CVE-2023-40687", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-40687", }, { cve: "CVE-2023-40692", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-40692", }, { cve: "CVE-2023-43020", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. 
Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-43020", }, { cve: "CVE-2023-45178", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-45178", }, { cve: "CVE-2023-46167", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-46167", }, { cve: "CVE-2023-47701", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. 
Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-47701", }, { cve: "CVE-2023-38003", notes: [ { category: "description", text: "In IBM DB2 existiert eine Schwachstellen. Diese besteht in dem Privilegienmanagement für Nutzer mit dem \"DATAACCESS\" Recht. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-38003", }, ], }
WID-SEC-W-2023-3048
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen oder beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-3048 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3048.json", }, { category: "self", summary: "WID-SEC-2023-3048 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3048", }, { category: "external", summary: "IBM Security Bulletin 7111596 vom 2024-01-24", url: "https://www.ibm.com/support/pages/node/7111596", }, { category: "external", summary: "IBM Security Bulletin 7095587 vom 2023-12-12", url: "https://www.ibm.com/support/pages/node/7095587", }, { category: "external", summary: "IBM Security Bulletin 7096699 vom 2023-12-14", url: "https://www.ibm.com/support/pages/node/7096699", }, { category: "external", summary: "IBM Security 
Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087157", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087207", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7078681", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087143", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087149", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087180", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087197", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087203", }, { category: "external", summary: "IBM Security Advisory vom 2023-12-03", url: "https://www.ibm.com/support/pages/node/7087218", }, { category: "external", summary: "GitHub Advisory Database vom 2023-12-03", url: "https://github.com/advisories/GHSA-4xmg-9frg-c434", }, { category: "external", summary: "GitHub Advisory Database vom 2023-12-03", url: "https://github.com/advisories/GHSA-6wj8-32mg-qhm6", }, { category: "external", summary: "IBM Security Bulletin 7159926 vom 2024-07-10", url: "https://www.ibm.com/support/pages/node/7159926", }, { category: "external", summary: "IBM Security Bulletin 7168022 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168022", }, { category: "external", summary: "HCL Security Advisory vom 2024-11-30", url: "https://support.hcl-software.com/community?id=community_blog&sys_id=ab451f7ffb0a5210db10f2797befdcca", }, ], source_lang: "en-US", title: "IBM DB2: Mehrere Schwachstellen", tracking: { current_release_date: 
"2024-12-01T23:00:00.000+00:00", generator: { date: "2024-12-02T09:04:08.741+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2023-3048", initial_release_date: "2023-12-03T23:00:00.000+00:00", revision_history: [ { date: "2023-12-03T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-04T23:00:00.000+00:00", number: "2", summary: "doppelten Eintrag entfernt", }, { date: "2023-12-12T23:00:00.000+00:00", number: "3", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-12-13T23:00:00.000+00:00", number: "4", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-24T23:00:00.000+00:00", number: "5", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-07-09T22:00:00.000+00:00", number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-09-10T22:00:00.000+00:00", number: "7", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-12-01T23:00:00.000+00:00", number: "8", summary: "Neue Updates von HCL aufgenommen", }, ], status: "final", version: "8", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "HCL Commerce", product: { name: "HCL Commerce", product_id: "T019293", product_identification_helper: { cpe: "cpe:/a:hcltechsw:commerce:-", }, }, }, ], category: "vendor", name: "HCL", }, { branches: [ { branches: [ { category: "product_version", name: "11.1", product: { name: "IBM DB2 11.1", product_id: "342000", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.1", }, }, }, { category: "product_version", name: "11.5", product: { name: "IBM DB2 11.5", product_id: "T031444", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.5", }, }, }, { category: "product_version", name: "10.5", product: { name: "IBM DB2 10.5", product_id: "T031445", product_identification_helper: { cpe: "cpe:/a:ibm:db2:10.5", }, }, }, ], category: "product_name", name: "DB2", }, { branches: [ { category: "product_version", name: "9.2", 
product: { name: "IBM License Metric Tool 9.2", product_id: "T031605", product_identification_helper: { cpe: "cpe:/a:ibm:license_metric_tool:9.2", }, }, }, ], category: "product_name", name: "License Metric Tool", }, { branches: [ { category: "product_version", name: "Key Lifecycle Manager 3.0", product: { name: "IBM Security Guardium Key Lifecycle Manager 3.0", product_id: "T021011", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_3.0", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 4.0", product: { name: "IBM Security Guardium Key Lifecycle Manager 4.0", product_id: "T021012", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.0", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 3.0.1", product: { name: "IBM Security Guardium Key Lifecycle Manager 3.0.1", product_id: "T021013", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_3.0.1", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 4.2", product: { name: "IBM Security Guardium Key Lifecycle Manager 4.2", product_id: "T027545", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 4.1", product: { name: "IBM Security Guardium Key Lifecycle Manager 4.1", product_id: "T029695", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1", }, }, }, { category: "product_version", name: "Key Lifecycle Manager 4.1.1", product: { name: "IBM Security Guardium Key Lifecycle Manager 4.1.1", product_id: "T029696", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1", }, }, }, ], category: "product_name", name: "Security Guardium", }, { branches: [ { category: "product_version", name: "6.2.0", product: { name: "IBM Tivoli Business Service Manager 6.2.0", 
product_id: "T014092", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_business_service_manager:6.2.0", }, }, }, { category: "product_version_range", name: "<6.2.0.5 IF5", product: { name: "IBM Tivoli Business Service Manager <6.2.0.5 IF5", product_id: "T037436", }, }, { category: "product_version", name: "6.2.0.5 IF5", product: { name: "IBM Tivoli Business Service Manager 6.2.0.5 IF5", product_id: "T037436-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.5_if5", }, }, }, ], category: "product_name", name: "Tivoli Business Service Manager", }, { category: "product_name", name: "IBM Tivoli Key Lifecycle Manager", product: { name: "IBM Tivoli Key Lifecycle Manager", product_id: "T026238", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_key_lifecycle_manager:-", }, }, }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-29258", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-29258", }, { cve: "CVE-2023-38727", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. 
Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-38727", }, { cve: "CVE-2023-40687", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-40687", }, { cve: "CVE-2023-40692", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-40692", }, { cve: "CVE-2023-43020", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. 
Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-43020", }, { cve: "CVE-2023-45178", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-45178", }, { cve: "CVE-2023-46167", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-46167", }, { cve: "CVE-2023-47701", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen. Diese sind auf verschiedene Anfälligkeiten bei der Verarbeitung von Requests und Fehlern in Befehlen zurückzuführen. 
Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-47701", }, { cve: "CVE-2023-38003", notes: [ { category: "description", text: "In IBM DB2 existiert eine Schwachstellen. Diese besteht in dem Privilegienmanagement für Nutzer mit dem \"DATAACCESS\" Recht. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen.", }, ], product_status: { known_affected: [ "T029695", "T031445", "T031444", "342000", "T019293", "T037436", "T014092", "T031605", "T026238", "T027545", "T021013", "T021012", "T021011", "T029696", ], }, release_date: "2023-12-03T23:00:00.000+00:00", title: "CVE-2023-38003", }, ], }
gsd-2023-46167
Vulnerability from gsd
{ GSD: { alias: "CVE-2023-46167", id: "GSD-2023-46167", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-46167", ], details: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.", id: "GSD-2023-46167", modified: "2023-12-13T01:20:53.089684Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2023-46167", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Db2 for Linux, UNIX and Windows", version: { version_data: [ { version_affected: "=", version_value: "11.5", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. 
IBM X-Force ID: 269367.", }, ], }, generator: { engine: "Vulnogram 0.1.0-dev", }, impact: { cvss: [ { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-20", lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/7087203", refsource: "MISC", url: "https://www.ibm.com/support/pages/node/7087203", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367", }, { name: "https://security.netapp.com/advisory/ntap-20240112-0003/", refsource: "MISC", url: "https://security.netapp.com/advisory/ntap-20240112-0003/", }, ], }, source: { discovery: "UNKNOWN", }, }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", matchCriteriaId: "55A0ECDB-9278-4812-A44C-4FDD09898E10", versionEndIncluding: "11.5.8", versionStartIncluding: "11.5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], descriptions: [ { lang: "en", value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 
federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.", }, { lang: "es", value: "El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegación de servicio cuando se utiliza un cursor especialmente manipulado. ID de IBM X-Force: 269367.", }, ], id: "CVE-2023-46167", lastModified: "2024-01-12T14:15:48.413", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], }, published: "2023-12-04T01:15:12.147", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367", }, { source: "psirt@us.ibm.com", url: "https://security.netapp.com/advisory/ntap-20240112-0003/", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7087203", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: 
"psirt@us.ibm.com", type: "Secondary", }, ], }, }, }, }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.