Vulnerability-Lookup

CVE-2021-39002 (GCVE-0-2021-39002)

Vulnerability from cvelistv5 – Published: 2021-12-09 17:00 – Updated: 2024-09-16 20:13

Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.0/A:N/UI:N/S:U/AV:N/PR:N/C:H/AC:H/I:N/E:U/RC:C/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/6523802	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://security.netapp.com/advisory/ntap-2022011…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	DB2 for Linux, UNIX and Windows	Affected: 10.5 Affected: 10.1 Affected: 9.7 Affected: 11.1 Affected: 11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:17.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6523802"
          },
          {
            "name": "ibm-db2-cve202139002-info-disc (213217)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220114-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DB2 for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.5"
            },
            {
              "status": "affected",
              "version": "10.1"
            },
            {
              "status": "affected",
              "version": "9.7"
            },
            {
              "status": "affected",
              "version": "11.1"
            },
            {
              "status": "affected",
              "version": "11.5"
            }
          ]
        }
      ],
      "datePublic": "2021-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/UI:N/S:U/AV:N/PR:N/C:H/AC:H/I:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-14T06:06:15.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6523802"
        },
        {
          "name": "ibm-db2-cve202139002-info-disc (213217)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220114-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-12-08T00:00:00",
          "ID": "CVE-2021-39002",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DB2 for Linux, UNIX and Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.5"
                          },
                          {
                            "version_value": "10.1"
                          },
                          {
                            "version_value": "9.7"
                          },
                          {
                            "version_value": "11.1"
                          },
                          {
                            "version_value": "11.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6523802",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6523802 (DB2 for Linux, UNIX and Windows)",
              "url": "https://www.ibm.com/support/pages/node/6523802"
            },
            {
              "name": "ibm-db2-cve202139002-info-disc (213217)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220114-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220114-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-39002",
    "datePublished": "2021-12-09T17:00:32.094Z",
    "dateReserved": "2021-08-16T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:13:31.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2022-AVI-059

Vulnerability from certfr_avis - Published: 2022-01-20 - Updated: 2022-01-20

De multiples vulnérabilités ont été découvertes dans IBM Db2. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Db2	IBM Db2 Warehouse versions antérieures à 11.5.7.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6541958 du 19 janvier 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Db2 Warehouse versions ant\u00e9rieures \u00e0 11.5.7.0",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-39002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39002"
    },
    {
      "name": "CVE-2021-38926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38926"
    },
    {
      "name": "CVE-2021-29678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
    },
    {
      "name": "CVE-2021-38931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38931"
    },
    {
      "name": "CVE-2021-20373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20373"
    }
  ],
  "initial_release_date": "2022-01-20T00:00:00",
  "last_revision_date": "2022-01-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-059",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Db2. Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Db2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6541958 du 19 janvier 2022",
      "url": "https://www.ibm.com/support/pages/node/6541958"
    }
  ]
}

CERTFR-2022-AVI-239

Vulnerability from certfr_avis - Published: 2022-03-14 - Updated: 2022-03-14

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x antérieures à 10.1.10
IBM	Spectrum	IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.14
IBM	Spectrum	IBM Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.15
IBM	Spectrum	IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x antérieures à 8.1.14
IBM	Spectrum	IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.10
IBM	Spectrum	IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x antérieures à 10.1.10
IBM	Spectrum	IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.14
IBM	Spectrum	IBM Spectrum Protect Client Management Service versions 8.1.x antérieures à 8.1.14
IBM	Spectrum	IBM Spectrum Protect Operations Center versions 8.1.x antérieures à 8.1.14
IBM	WebSphere	IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x antérieures à 4.0.1
IBM	Spectrum	IBM Spectrum Protect Plus File Systems Agent versions 10.1.x antérieures à 10.1.10
IBM	Spectrum	IBM Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.14
IBM	Spectrum	IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.14

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6562471 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6562895 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6445699 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6562401 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6562843 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6562849 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6562873 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6562383 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6562405 du 11 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6562919 du 11 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.15",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Backup-Archive Client web user interface versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Client Management Service versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server versions 7.0, 8.0, 8.5 et 9.0 avec Content Collector for Email versions 4.0.x ant\u00e9rieures \u00e0 4.0.1",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.x ant\u00e9rieures \u00e0 10.1.10",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-41182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
    },
    {
      "name": "CVE-2022-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2022-21680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
    },
    {
      "name": "CVE-2021-39002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39002"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2021-41184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
    },
    {
      "name": "CVE-2021-41183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
    },
    {
      "name": "CVE-2021-38926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38926"
    },
    {
      "name": "CVE-2021-23222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
    },
    {
      "name": "CVE-2021-29678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
    },
    {
      "name": "CVE-2020-35508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35508"
    },
    {
      "name": "CVE-2022-23806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
    },
    {
      "name": "CVE-2021-23214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
    },
    {
      "name": "CVE-2022-23773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
    },
    {
      "name": "CVE-2021-38951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38951"
    },
    {
      "name": "CVE-2020-8492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2022-23772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
    },
    {
      "name": "CVE-2021-23727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23727"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2021-38931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38931"
    },
    {
      "name": "CVE-2021-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3139"
    },
    {
      "name": "CVE-2021-44716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
    },
    {
      "name": "CVE-2021-20373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20373"
    },
    {
      "name": "CVE-2020-15436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2022-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
    },
    {
      "name": "CVE-2021-33026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33026"
    },
    {
      "name": "CVE-2020-14323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
    },
    {
      "name": "CVE-2021-44717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
    },
    {
      "name": "CVE-2021-41617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
    },
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    },
    {
      "name": "CVE-2022-21681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
    },
    {
      "name": "CVE-2020-35513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35513"
    }
  ],
  "initial_release_date": "2022-03-14T00:00:00",
  "last_revision_date": "2022-03-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-239",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562471 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562471"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562895 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562895"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6445699 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6445699"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562401 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562401"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562843 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562843"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562849 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562849"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562873 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562873"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562383 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562383"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562405 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562405"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562919 du 11 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562919"
    }
  ]
}

CERTFR-2022-AVI-253

Vulnerability from certfr_avis - Published: 2022-03-17 - Updated: 2022-03-17

De multiples vulnérabilités ont été découvertes dans IBM Spectrum Protect Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.14
IBM	Spectrum	IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.14.100
IBM	Spectrum	IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.14

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6562919 du 15 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6563457 du 16 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.14.100",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-39002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39002"
    },
    {
      "name": "CVE-2021-38926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38926"
    },
    {
      "name": "CVE-2021-29678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
    },
    {
      "name": "CVE-2021-23450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
    },
    {
      "name": "CVE-2021-38931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38931"
    },
    {
      "name": "CVE-2021-20373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20373"
    }
  ],
  "initial_release_date": "2022-03-17T00:00:00",
  "last_revision_date": "2022-03-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-253",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\nProtect Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum Protect Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6562919 du 15 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6562919"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6563457 du 16 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6563457"
    }
  ]
}

GSD-2021-39002

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-39002

Aliases

CVE-2021-39002

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-39002",
    "description": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.",
    "id": "GSD-2021-39002"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-39002"
      ],
      "details": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.",
      "id": "GSD-2021-39002",
      "modified": "2023-12-13T01:23:15.934863Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2021-12-08T00:00:00",
        "ID": "CVE-2021-39002",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DB2 for Linux, UNIX and Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "10.5"
                        },
                        {
                          "version_value": "10.1"
                        },
                        {
                          "version_value": "9.7"
                        },
                        {
                          "version_value": "11.1"
                        },
                        {
                          "version_value": "11.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "N",
            "AC": "H",
            "AV": "N",
            "C": "H",
            "I": "N",
            "PR": "N",
            "S": "U",
            "SCORE": "5.900",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Obtain Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/6523802",
            "refsource": "CONFIRM",
            "title": "IBM Security Bulletin 6523802 (DB2 for Linux, UNIX and Windows)",
            "url": "https://www.ibm.com/support/pages/node/6523802"
          },
          {
            "name": "ibm-db2-cve202139002-info-disc (213217)",
            "refsource": "XF",
            "title": "X-Force Vulnerability Report",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20220114-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20220114-0002/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:-:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2021-39002"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-327"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-db2-cve202139002-info-disc (213217)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/6523802",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6523802"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220114-0002/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220114-0002/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-01-21T14:47Z",
      "publishedDate": "2021-12-09T17:15Z"
    }
  }
}

CNVD-2021-99669

Vulnerability from cnvd - Published: 2021-12-13

Title

IBM DB2信息泄露漏洞（CNVD-2021-99669）

Description

IBM DB2是美国IBM公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBMi、z/OS以及Windows服务器版本。 IBM DB2 for Linux、UNIX和Windows存在信息泄露漏洞，该漏洞源于使用的加密算法比预期的要弱，攻击者可能利用该漏洞解密高度敏感的信息。

Severity

中

Patch Name

IBM DB2信息泄露漏洞（CNVD-2021-99669）的补丁

Patch Description

IBM DB2是美国IBM公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBMi、z/OS以及Windows服务器版本。 IBM DB2 for Linux、UNIX和Windows存在信息泄露漏洞，该漏洞源于使用的加密算法比预期的要弱，攻击者可能利用该漏洞解密高度敏感的信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/6524674

Reference

https://www.ibm.com/support/pages/node/6523802

Impacted products

Name
['IBM DB2 for Linux、UNIX和Windows 9.7', 'IBM DB2 for Linux、UNIX和Windows 10.1', 'IBM DB2 for Linux、UNIX和Windows 10.5', 'IBM DB2 for Linux、UNIX和Windows 11.1', 'IBM DB2 for Linux、UNIX和Windows 11.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-39002",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-39002"
    }
  },
  "description": "IBM DB2\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u6267\u884c\u73af\u5883\u4e3b\u8981\u6709UNIX\u3001Linux\u3001IBMi\u3001z/OS\u4ee5\u53caWindows\u670d\u52a1\u5668\u7248\u672c\u3002\n\nIBM DB2 for Linux\u3001UNIX\u548cWindows\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u7684\u52a0\u5bc6\u7b97\u6cd5\u6bd4\u9884\u671f\u7684\u8981\u5f31\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6\u9ad8\u5ea6\u654f\u611f\u7684\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/6524674",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-99669",
  "openTime": "2021-12-13",
  "patchDescription": "IBM DB2\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u6267\u884c\u73af\u5883\u4e3b\u8981\u6709UNIX\u3001Linux\u3001IBMi\u3001z/OS\u4ee5\u53caWindows\u670d\u52a1\u5668\u7248\u672c\u3002\r\n\r\nIBM DB2 for Linux\u3001UNIX\u548cWindows\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u7684\u52a0\u5bc6\u7b97\u6cd5\u6bd4\u9884\u671f\u7684\u8981\u5f31\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6\u9ad8\u5ea6\u654f\u611f\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM DB2\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-99669\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM DB2 for Linux\u3001UNIX\u548cWindows 9.7",
      "IBM DB2 for Linux\u3001UNIX\u548cWindows 10.1",
      "IBM DB2 for Linux\u3001UNIX\u548cWindows 10.5",
      "IBM DB2 for Linux\u3001UNIX\u548cWindows 11.1",
      "IBM DB2 for Linux\u3001UNIX\u548cWindows 11.5"
    ]
  },
  "referenceLink": "https://www.ibm.com/support/pages/node/6523802",
  "serverity": "\u4e2d",
  "submitTime": "2021-12-12",
  "title": "IBM DB2\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-99669\uff09"
}

GHSA-79JV-MX3J-G9VR

Vulnerability from github – Published: 2021-12-10 00:00 – Updated: 2021-12-15 00:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-39002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-09T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.",
  "id": "GHSA-79jv-mx3j-g9vr",
  "modified": "2021-12-15T00:01:39Z",
  "published": "2021-12-10T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39002"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220114-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6523802"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2021-39002

Vulnerability from fkie_nvd - Published: 2021-12-09 17:15 - Updated: 2024-11-21 06:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/213217	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://security.netapp.com/advisory/ntap-20220114-0002/	Third Party Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6523802	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/213217	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220114-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6523802	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	db2	9.7
ibm	db2	10.1
ibm	db2	10.5
ibm	db2	11.1
ibm	db2	11.5
hp	hp-ux	-
ibm	aix	-
linux	linux_kernel	-
microsoft	windows	-
oracle	solaris	-
netapp	oncommand_insight	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:-:*:*",
              "matchCriteriaId": "CC97D272-ABEE-4FA3-BE61-67AAD2A8D281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*",
              "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
              "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
    },
    {
      "lang": "es",
      "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, usa algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial"
    }
  ],
  "id": "CVE-2021-39002",
  "lastModified": "2024-11-21T06:18:23.823",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-09T17:15:07.837",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220114-0002/"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6523802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220114-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6523802"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-39002 (GCVE-0-2021-39002)

CERTFR-2022-AVI-059

Solution

CERTFR-2022-AVI-239

Solution

CERTFR-2022-AVI-253

Solution

GSD-2021-39002

CNVD-2021-99669

GHSA-79JV-MX3J-G9VR

FKIE_CVE-2021-39002

Tags

Sightings

Nomenclature