cvelistv5 - CVE-2024-31881

CVE-2024-31881 (GCVE-0-2024-31881)

Vulnerability from cvelistv5

Published

2024-06-12 18:21

Modified

2025-11-04 16:12

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.

References

URL

Tags

psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/287613	VDB Entry
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7156852	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/287613	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240912-0005/
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/7156852	Vendor Advisory

Impacted products

	Vendor	Product	Version
	IBM	Db2 for Linux, UNIX and Windows	Version: 10.5, 11.1, 11.5 cpe:2.3:a:ibm:db2:10.5:::::linux:: cpe:2.3:a:ibm:db2:10.5:::::unix:: cpe:2.3:a:ibm:db2:10.5:::::aix:: cpe:2.3:a:ibm:db2:10.5:::::hp-ux:: cpe:2.3:a:ibm:db2:10.5:::::windows:: cpe:2.3:a:ibm:db2:11.1:::::linux:: cpe:2.3:a:ibm:db2:11.1:::::unix:: cpe:2.3:a:ibm:db2:11.1:::::aix:: cpe:2.3:a:ibm:db2:11.1:::::hp-ux:: cpe:2.3:a:ibm:db2:11.1:::::windows:: cpe:2.3:a:ibm:db2:11.5:::::linux:: cpe:2.3:a:ibm:db2:11.5:::::unix:: cpe:2.3:a:ibm:db2:11.5:::::aix:: cpe:2.3:a:ibm:db2:11.5:::::hp-ux:: cpe:2.3:a:ibm:db2:11.5:::::windows::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T18:19:10.584437Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T18:19:20.537Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:12:05.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7156852"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240912-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*",
            "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*",
            "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*",
            "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Db2 for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.5, 11.1, 11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user.  IBM X-Force ID:  287613."
            }
          ],
          "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user.  IBM X-Force ID:  287613."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T18:21:45.458Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7156852"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-31881",
    "datePublished": "2024-06-12T18:21:45.458Z",
    "dateReserved": "2024-04-07T12:44:46.960Z",
    "dateUpdated": "2025-11-04T16:12:05.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-31881\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-06-12T19:15:50.710\",\"lastModified\":\"2025-11-04T17:15:51.390\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user.  IBM X-Force ID:  287613.\"},{\"lang\":\"es\",\"value\":\"IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio ya que el servidor puede fallar cuando un usuario autenticado utiliza una consulta especialmente manipulada en ciertas tablas de columnas. ID de IBM X-Force: 287613.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"C9AB7540-A007-4554-A0E6-F75FDECB41FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*\",\"matchCriteriaId\":\"E48B9069-E7BD-480F-90B3-3791D5D2E79E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"9A04E067-F41C-494B-B59A-92B9FA001122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"A2ED357E-CBC6-454F-9B9E-E98E9A139376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*\",\"matchCriteriaId\":\"33D92200-08A1-42F4-98B8-52584342C18B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"A49F8B60-EAC8-46B6-9F48-6C877E41D615\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"42CB728E-ECA8-40DE-83E7-8AF390AA61FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*\",\"matchCriteriaId\":\"9105BCAD-F2C6-4568-B497-D72424753B58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"ADF7E611-0330-437D-9535-B710EC2FDA00\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/287613\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7156852\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/287613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240912-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ibm.com/support/pages/node/7156852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31881\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-13T18:19:10.584437Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-13T18:19:16.416Z\"}}], \"cna\": {\"title\": \"IBM Db2 denial of service\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*\", \"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*\", \"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*\", \"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*\", \"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*\", \"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*\", \"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*\", \"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*\", \"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*\", \"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*\", \"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*\", \"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*\", \"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*\", \"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*\", \"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*\"], \"vendor\": \"IBM\", \"product\": \"Db2 for Linux, UNIX and Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5, 11.1, 11.5\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7156852\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/287613\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user.  IBM X-Force ID:  287613.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user.  IBM X-Force ID:  287613.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-06-12T18:21:45.458Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-31881\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-06-13T18:19:20.537Z\", \"dateReserved\": \"2024-04-07T12:44:46.960Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-06-12T18:21:45.458Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cnvd-2025-01792

Vulnerability from cnvd

Title

IBM Db2拒绝服务漏洞（CNVD-2025-01792）

Description

IBM Db2是美国国际商业机器（IBM）公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBMi、z/OS以及Windows服务器版本。 IBM Db2存在拒绝服务漏洞，攻击者可利用该漏洞导致服务器崩溃。

Severity

中

Patch Name

IBM Db2拒绝服务漏洞（CNVD-2025-01792）的补丁

Patch Description

IBM Db2是美国国际商业机器（IBM）公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBMi、z/OS以及Windows服务器版本。 IBM Db2存在拒绝服务漏洞，攻击者可利用该漏洞导致服务器崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/7156852

Reference

https://www.ibm.com/support/pages/node/7156852

Impacted products

Name
['IBM IBM DB2 >=10.5.0，<=10.5.11', 'IBM IBM DB2 >=11.1.4，<=11.1.4.7', 'IBM IBM DB2 >=11.5.0，<=11.5.9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-31881",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-31881"
    }
  },
  "description": "IBM Db2\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u6267\u884c\u73af\u5883\u4e3b\u8981\u6709UNIX\u3001Linux\u3001IBMi\u3001z/OS\u4ee5\u53caWindows\u670d\u52a1\u5668\u7248\u672c\u3002\n\nIBM Db2\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u5668\u5d29\u6e83\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/7156852",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-01792",
  "openTime": "2025-01-20",
  "patchDescription": "IBM Db2\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u6267\u884c\u73af\u5883\u4e3b\u8981\u6709UNIX\u3001Linux\u3001IBMi\u3001z/OS\u4ee5\u53caWindows\u670d\u52a1\u5668\u7248\u672c\u3002\r\n\r\nIBM Db2\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u5668\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Db2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2025-01792\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM IBM DB2 \u003e=10.5.0\uff0c\u003c=10.5.11",
      "IBM IBM DB2 \u003e=11.1.4\uff0c\u003c=11.1.4.7",
      "IBM IBM DB2 \u003e=11.5.0\uff0c\u003c=11.5.9"
    ]
  },
  "referenceLink": "https://www.ibm.com/support/pages/node/7156852",
  "serverity": "\u4e2d",
  "submitTime": "2024-06-18",
  "title": "IBM Db2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2025-01792\uff09"
}

CERTFR-2024-AVI-0903

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	N/A	WebSphere Application Server Liberty versions 20.0.12 à 24.0.0.10 sans le correctif de sécurité PH63533 ou antérieures à 24.0.0.11 (disponibilité prévue pour le dernier trimestre 2024)
IBM	N/A	QRadar Incident Forensics versions 7.5.x antérieures à 7.5.0 UP10
IBM	N/A	Storage Protect Server versions 8.1.x antérieures à 8.1.24
IBM	N/A	Robotic Process Automation pour Cloud Pak versions 23.0.x antérieures à 23.0.18
IBM	N/A	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10
IBM	N/A	Robotic Process Automation versions 21.0..0.x antérieures à 21.0.7.18
IBM	N/A	Robotic Process Automation versions 23.0.x antérieures à 23.0.18
IBM	N/A	Robotic Process Automation pour Cloud Pak versions 21.0.0.x antérieures à 21.0.7.18
IBM	N/A	QRadar Network Capture versions 7.5.x antérieures à 7.5.0 Update Package 10

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7173421	2024-10-17	vendor-advisory
Bulletin de sécurité IBM 7173043	2024-10-14	vendor-advisory
Bulletin de sécurité IBM 7173420	2024-10-17	vendor-advisory
Bulletin de sécurité IBM 7173226	2024-10-16	vendor-advisory
Bulletin de sécurité IBM 7173224	2024-10-16	vendor-advisory
Bulletin de sécurité IBM 7173097	2024-10-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere Application Server Liberty versions 20.0.12 \u00e0 24.0.0.10  sans le correctif de s\u00e9curit\u00e9 PH63533 ou ant\u00e9rieures \u00e0 24.0.0.11 (disponibilit\u00e9 pr\u00e9vue pour le dernier trimestre 2024)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Storage Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation pour Cloud Pak versions 23.0.x ant\u00e9rieures \u00e0 23.0.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation versions 21.0..0.x ant\u00e9rieures \u00e0 21.0.7.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation versions 23.0.x ant\u00e9rieures \u00e0 23.0.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation pour Cloud Pak versions 21.0.0.x ant\u00e9rieures \u00e0 21.0.7.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Network Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Package 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-37370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
    },
    {
      "name": "CVE-2023-25577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
    },
    {
      "name": "CVE-2023-37536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
    },
    {
      "name": "CVE-2023-52675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
    },
    {
      "name": "CVE-2024-26656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2024-26974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
    },
    {
      "name": "CVE-2022-48468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
    },
    {
      "name": "CVE-2023-20592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20592"
    },
    {
      "name": "CVE-2018-1311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1311"
    },
    {
      "name": "CVE-2024-26585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
    },
    {
      "name": "CVE-2024-23944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
    },
    {
      "name": "CVE-2024-27397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
    },
    {
      "name": "CVE-2020-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25219"
    },
    {
      "name": "CVE-2024-35854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2023-52878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2023-45178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
    },
    {
      "name": "CVE-2024-5564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
    },
    {
      "name": "CVE-2023-23934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
    },
    {
      "name": "CVE-2021-42771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
    },
    {
      "name": "CVE-2023-52669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
    },
    {
      "name": "CVE-2024-31881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
    },
    {
      "name": "CVE-2024-36004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
    },
    {
      "name": "CVE-2024-26859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
    },
    {
      "name": "CVE-2022-38725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38725"
    },
    {
      "name": "CVE-2024-35959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
    },
    {
      "name": "CVE-2024-35855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
    },
    {
      "name": "CVE-2024-31880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-26801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
    },
    {
      "name": "CVE-2024-36007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
    },
    {
      "name": "CVE-2021-47311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
    },
    {
      "name": "CVE-2024-28762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
    },
    {
      "name": "CVE-2021-45429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45429"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2024-35852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
    },
    {
      "name": "CVE-2020-7212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7212"
    },
    {
      "name": "CVE-2023-52781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2021-47073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
    },
    {
      "name": "CVE-2024-26804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
    },
    {
      "name": "CVE-2024-28786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28786"
    },
    {
      "name": "CVE-2023-52686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
    },
    {
      "name": "CVE-2021-47236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
    },
    {
      "name": "CVE-2024-35890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-52877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2023-6349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2024-32487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
    },
    {
      "name": "CVE-2024-26826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
    },
    {
      "name": "CVE-2024-26583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
    },
    {
      "name": "CVE-2024-35888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2023-52700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
    },
    {
      "name": "CVE-2023-46136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2021-47495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
    },
    {
      "name": "CVE-2024-26675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
    },
    {
      "name": "CVE-2024-26906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
    },
    {
      "name": "CVE-2024-26584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
    },
    {
      "name": "CVE-2023-31346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31346"
    },
    {
      "name": "CVE-2024-5197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2024-35835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
    },
    {
      "name": "CVE-2024-26735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
    },
    {
      "name": "CVE-2023-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
    },
    {
      "name": "CVE-2021-46972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
    },
    {
      "name": "CVE-2020-26137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
    },
    {
      "name": "CVE-2023-29267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
    },
    {
      "name": "CVE-2023-52667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
    },
    {
      "name": "CVE-2023-52703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
    },
    {
      "name": "CVE-2022-48624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
    },
    {
      "name": "CVE-2024-26759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
    },
    {
      "name": "CVE-2023-52464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
    },
    {
      "name": "CVE-2023-52813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
    },
    {
      "name": "CVE-2024-35838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
    },
    {
      "name": "CVE-2023-52615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
    },
    {
      "name": "CVE-2023-52560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2022-46329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
    },
    {
      "name": "CVE-2021-47069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
    },
    {
      "name": "CVE-2020-26154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26154"
    },
    {
      "name": "CVE-2024-35960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
    },
    {
      "name": "CVE-2023-30861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2020-26555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
    },
    {
      "name": "CVE-2024-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
    },
    {
      "name": "CVE-2023-52835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2024-26982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
    },
    {
      "name": "CVE-2021-47310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
    },
    {
      "name": "CVE-2023-52626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
    },
    {
      "name": "CVE-2024-35958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
    },
    {
      "name": "CVE-2024-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
    },
    {
      "name": "CVE-2021-47456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
    },
    {
      "name": "CVE-2024-28752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
    },
    {
      "name": "CVE-2021-47356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2021-47353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
    },
    {
      "name": "CVE-2024-37371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
    },
    {
      "name": "CVE-2023-5090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
    },
    {
      "name": "CVE-2024-27410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
    },
    {
      "name": "CVE-2021-46909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
    },
    {
      "name": "CVE-2024-35853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
    },
    {
      "name": "CVE-2024-26907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
    }
  ],
  "initial_release_date": "2024-10-18T00:00:00",
  "last_revision_date": "2024-10-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0903",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173421",
      "url": "https://www.ibm.com/support/pages/node/7173421"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173043",
      "url": "https://www.ibm.com/support/pages/node/7173043"
    },
    {
      "published_at": "2024-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173420",
      "url": "https://www.ibm.com/support/pages/node/7173420"
    },
    {
      "published_at": "2024-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173226",
      "url": "https://www.ibm.com/support/pages/node/7173226"
    },
    {
      "published_at": "2024-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173224",
      "url": "https://www.ibm.com/support/pages/node/7173224"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173097",
      "url": "https://www.ibm.com/support/pages/node/7173097"
    }
  ]
}

CERTFR-2025-AVI-0512

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.16
IBM	Db2	Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4
IBM	Db2 Warehouse	Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7236500	2025-06-12	vendor-advisory
Bulletin de sécurité IBM 7234674	2025-06-11	vendor-advisory
Bulletin de sécurité IBM 7236354	2025-06-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
      "product": {
        "name": "Db2 Warehouse",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
    },
    {
      "name": "CVE-2018-19361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
    },
    {
      "name": "CVE-2023-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
    },
    {
      "name": "CVE-2021-33036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2024-22201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2018-14719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2025-47944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2025-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
    },
    {
      "name": "CVE-2025-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
    },
    {
      "name": "CVE-2024-25638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2023-45178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
    },
    {
      "name": "CVE-2024-47076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
    },
    {
      "name": "CVE-2024-47177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
    },
    {
      "name": "CVE-2022-30635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
    },
    {
      "name": "CVE-2022-26612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2024-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2024-31881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2018-14718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
    },
    {
      "name": "CVE-2025-0923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2018-19360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-31880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2024-28762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2023-50298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2024-53197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
    },
    {
      "name": "CVE-2025-43859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2024-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2024-37529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2021-25642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
    },
    {
      "name": "CVE-2024-53382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2020-9492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
    },
    {
      "name": "CVE-2025-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2024-12905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
    },
    {
      "name": "CVE-2024-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
    },
    {
      "name": "CVE-2024-52046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
    },
    {
      "name": "CVE-2021-37404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
    },
    {
      "name": "CVE-2025-47935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2023-44981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2024-57965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
    },
    {
      "name": "CVE-2023-29267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
    },
    {
      "name": "CVE-2024-31882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2018-14720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
    },
    {
      "name": "CVE-2024-47176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2023-52922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2024-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
    },
    {
      "name": "CVE-2018-14721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
    },
    {
      "name": "CVE-2018-11307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2025-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
    },
    {
      "name": "CVE-2022-42969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2024-41091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
    },
    {
      "name": "CVE-2024-35152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2025-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
    },
    {
      "name": "CVE-2023-42282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2024-47175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
    },
    {
      "name": "CVE-2024-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
    },
    {
      "name": "CVE-2023-39663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
    },
    {
      "name": "CVE-2024-35136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
    },
    {
      "name": "CVE-2022-25168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
    },
    {
      "name": "CVE-2024-49761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    }
  ],
  "initial_release_date": "2025-06-13T00:00:00",
  "last_revision_date": "2025-06-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0512",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
      "url": "https://www.ibm.com/support/pages/node/7236500"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
      "url": "https://www.ibm.com/support/pages/node/7234674"
    },
    {
      "published_at": "2025-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
      "url": "https://www.ibm.com/support/pages/node/7236354"
    }
  ]
}

CERTFR-2024-AVI-0939

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling	Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1
IBM	QRadar	QRadar App SDK versions antérieures à 2.2.2
IBM	Sterling	Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1
IBM	Cloud Pak	Cloud Pak versions antérieures à 2.3.5.0 pour Power
IBM	Cloud Pak	Cloud Pak versions antérieures à 2.3.4.1 pour Intel
IBM	Sterling	Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7174441	2024-10-30	vendor-advisory
Bulletin de sécurité IBM 7174420	2024-10-30	vendor-advisory
Bulletin de sécurité IBM 7169788	2024-10-28	vendor-advisory
Bulletin de sécurité IBM 7174440	2024-10-30	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar App SDK versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak versions ant\u00e9rieures \u00e0 2.3.4.1 pour Intel",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 ",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-47747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47747"
    },
    {
      "name": "CVE-2023-47158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47158"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2023-46167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
    },
    {
      "name": "CVE-2023-38740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2023-38719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
    },
    {
      "name": "CVE-2023-45178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
    },
    {
      "name": "CVE-2023-47701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
    },
    {
      "name": "CVE-2023-50308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50308"
    },
    {
      "name": "CVE-2023-40687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
    },
    {
      "name": "CVE-2023-52296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52296"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2024-25046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25046"
    },
    {
      "name": "CVE-2024-31881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2015-8393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
    },
    {
      "name": "CVE-2024-31880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-28762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
    },
    {
      "name": "CVE-2024-34062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2023-47746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47746"
    },
    {
      "name": "CVE-2024-27254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27254"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2023-47141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47141"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2023-40692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
    },
    {
      "name": "CVE-2023-38003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2024-22360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22360"
    },
    {
      "name": "CVE-2024-5569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
    },
    {
      "name": "CVE-2023-38729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38729"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2023-38727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
    },
    {
      "name": "CVE-2023-29258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
    },
    {
      "name": "CVE-2023-29267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
    },
    {
      "name": "CVE-2002-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
    },
    {
      "name": "CVE-2023-43020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
    },
    {
      "name": "CVE-2023-27859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27859"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2023-40374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2023-40372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
    },
    {
      "name": "CVE-2023-47152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47152"
    },
    {
      "name": "CVE-2012-2677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    }
  ],
  "initial_release_date": "2024-10-31T00:00:00",
  "last_revision_date": "2024-10-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0939",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-10-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174441",
      "url": "https://www.ibm.com/support/pages/node/7174441"
    },
    {
      "published_at": "2024-10-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174420",
      "url": "https://www.ibm.com/support/pages/node/7174420"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7169788",
      "url": "https://www.ibm.com/support/pages/node/7169788"
    },
    {
      "published_at": "2024-10-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174440",
      "url": "https://www.ibm.com/support/pages/node/7174440"
    }
  ]
}

gsd-2024-31881

Vulnerability from gsd

Modified

2024-04-11 05:03

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-31881

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-31881"
      ],
      "id": "GSD-2024-31881",
      "modified": "2024-04-11T05:03:20.598210Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-31881",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

wid-sec-w-2024-1360

Vulnerability from csaf_certbund

Published

2024-06-11 22:00

Modified

2024-12-01 23:00

Summary

IBM DB2: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1360 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1360.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1360 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1360"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156844 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156844"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156845 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156845"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156846 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156846"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156847 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156847"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156848 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156848"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156849 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156849"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156850 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156850"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156851 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156851"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156852 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156852"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - June 18 2024",
        "url": "https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7159926 vom 2024-07-10",
        "url": "https://www.ibm.com/support/pages/node/7159926"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7167605 vom 2024-09-05",
        "url": "https://www.ibm.com/support/pages/node/7167605"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7168022 vom 2024-09-10",
        "url": "https://www.ibm.com/support/pages/node/7168022"
      },
      {
        "category": "external",
        "summary": "HCL Security Advisory vom 2024-11-30",
        "url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=ab451f7ffb0a5210db10f2797befdcca"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-01T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-02T09:04:01.365+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-1360",
      "initial_release_date": "2024-06-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-05T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2024-12-01T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von HCL aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c8.9.3",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c8.9.3",
                  "product_id": "T035527"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 8.9.3",
                "product": {
                  "name": "Atlassian Confluence Data Center 8.9.3",
                  "product_id": "T035527-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__8.9.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.11 LTS",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.11 LTS",
                  "product_id": "T035530"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.11 LTS",
                "product": {
                  "name": "Atlassian Confluence 8.5.11 LTS",
                  "product_id": "T035530-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.11_lts"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.19.24 LTS",
                "product": {
                  "name": "Atlassian Confluence \u003c7.19.24 LTS",
                  "product_id": "T035531"
                }
              },
              {
                "category": "product_version",
                "name": "7.19.24 LTS",
                "product": {
                  "name": "Atlassian Confluence 7.19.24 LTS",
                  "product_id": "T035531-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:7.19.24_lts"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HCL Commerce",
            "product": {
              "name": "HCL Commerce",
              "product_id": "T019293",
              "product_identification_helper": {
                "cpe": "cpe:/a:hcltechsw:commerce:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV10.5",
                "product": {
                  "name": "IBM DB2 \u003cV10.5",
                  "product_id": "T035400"
                }
              },
              {
                "category": "product_version",
                "name": "V10.5",
                "product": {
                  "name": "IBM DB2 V10.5",
                  "product_id": "T035400-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:v10.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cV11.1",
                "product": {
                  "name": "IBM DB2 \u003cV11.1",
                  "product_id": "T035401"
                }
              },
              {
                "category": "product_version",
                "name": "V11.1",
                "product": {
                  "name": "IBM DB2 V11.1",
                  "product_id": "T035401-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:v11.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cV11.5",
                "product": {
                  "name": "IBM DB2 \u003cV11.5",
                  "product_id": "T035402"
                }
              },
              {
                "category": "product_version",
                "name": "V11.5",
                "product": {
                  "name": "IBM DB2 V11.5",
                  "product_id": "T035402-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:v11.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.2",
                "product": {
                  "name": "IBM License Metric Tool 9.2",
                  "product_id": "T027649",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:license_metric_tool:9.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "License Metric Tool"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.2.0.5 IF5",
                "product": {
                  "name": "IBM Tivoli Business Service Manager \u003c6.2.0.5 IF5",
                  "product_id": "T037436"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.0.5 IF5",
                "product": {
                  "name": "IBM Tivoli Business Service Manager 6.2.0.5 IF5",
                  "product_id": "T037436-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.5_if5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Business Service Manager"
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Key Lifecycle Manager",
            "product": {
              "name": "IBM Tivoli Key Lifecycle Manager",
              "product_id": "T026238",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-29267",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2023-29267"
    },
    {
      "cve": "CVE-2023-45853",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2024-25710",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-25710"
    },
    {
      "cve": "CVE-2024-26308",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-28762",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-28762"
    },
    {
      "cve": "CVE-2024-29025",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-31880",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-31880"
    },
    {
      "cve": "CVE-2024-31881",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-31881"
    },
    {
      "cve": "CVE-2024-28757",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 besteht eine Schwachstelle. Dieser Fehler betrifft die Expat-Bibliothek aufgrund einer unsachgem\u00e4\u00dfen Behandlung von XML External Entity (XXE)-Deklarationen durch die Funktion XML_ExternalEntityParserCreate, was zur Offenlegung vertraulicher Informationen f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben und diese Informationen f\u00fcr weitere Angriffe zu verwenden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-28757"
    },
    {
      "cve": "CVE-2024-29131",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in der Open-Source-Bibliothek commons-configuration2 bei Verwendung des NoSQL-Hadoop-Wrappers aufgrund eines Out-of-Bounds-Write-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-29133",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in der Open-Source-Bibliothek commons-configuration2 bei Verwendung des NoSQL-Hadoop-Wrappers aufgrund eines Out-of-Bounds-Write-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-29133"
    }
  ]
}

WID-SEC-W-2024-1360

Vulnerability from csaf_certbund

Published

2024-06-11 22:00

Modified

2024-12-01 23:00

Summary

IBM DB2: Mehrere Schwachstellen

Notes

Produktbeschreibung

IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1360 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1360.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1360 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1360"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156844 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156844"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156845 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156845"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156846 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156846"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156847 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156847"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156848 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156848"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156849 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156849"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156850 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156850"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156851 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156851"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156852 vom 2024-06-11",
        "url": "https://www.ibm.com/support/pages/node/7156852"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - June 18 2024",
        "url": "https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7159926 vom 2024-07-10",
        "url": "https://www.ibm.com/support/pages/node/7159926"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7167605 vom 2024-09-05",
        "url": "https://www.ibm.com/support/pages/node/7167605"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7168022 vom 2024-09-10",
        "url": "https://www.ibm.com/support/pages/node/7168022"
      },
      {
        "category": "external",
        "summary": "HCL Security Advisory vom 2024-11-30",
        "url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=ab451f7ffb0a5210db10f2797befdcca"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-01T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-02T09:04:01.365+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-1360",
      "initial_release_date": "2024-06-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-05T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2024-12-01T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von HCL aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c8.9.3",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c8.9.3",
                  "product_id": "T035527"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 8.9.3",
                "product": {
                  "name": "Atlassian Confluence Data Center 8.9.3",
                  "product_id": "T035527-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__8.9.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.11 LTS",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.11 LTS",
                  "product_id": "T035530"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.11 LTS",
                "product": {
                  "name": "Atlassian Confluence 8.5.11 LTS",
                  "product_id": "T035530-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.11_lts"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.19.24 LTS",
                "product": {
                  "name": "Atlassian Confluence \u003c7.19.24 LTS",
                  "product_id": "T035531"
                }
              },
              {
                "category": "product_version",
                "name": "7.19.24 LTS",
                "product": {
                  "name": "Atlassian Confluence 7.19.24 LTS",
                  "product_id": "T035531-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:7.19.24_lts"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HCL Commerce",
            "product": {
              "name": "HCL Commerce",
              "product_id": "T019293",
              "product_identification_helper": {
                "cpe": "cpe:/a:hcltechsw:commerce:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV10.5",
                "product": {
                  "name": "IBM DB2 \u003cV10.5",
                  "product_id": "T035400"
                }
              },
              {
                "category": "product_version",
                "name": "V10.5",
                "product": {
                  "name": "IBM DB2 V10.5",
                  "product_id": "T035400-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:v10.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cV11.1",
                "product": {
                  "name": "IBM DB2 \u003cV11.1",
                  "product_id": "T035401"
                }
              },
              {
                "category": "product_version",
                "name": "V11.1",
                "product": {
                  "name": "IBM DB2 V11.1",
                  "product_id": "T035401-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:v11.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cV11.5",
                "product": {
                  "name": "IBM DB2 \u003cV11.5",
                  "product_id": "T035402"
                }
              },
              {
                "category": "product_version",
                "name": "V11.5",
                "product": {
                  "name": "IBM DB2 V11.5",
                  "product_id": "T035402-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:v11.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.2",
                "product": {
                  "name": "IBM License Metric Tool 9.2",
                  "product_id": "T027649",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:license_metric_tool:9.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "License Metric Tool"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.2.0.5 IF5",
                "product": {
                  "name": "IBM Tivoli Business Service Manager \u003c6.2.0.5 IF5",
                  "product_id": "T037436"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.0.5 IF5",
                "product": {
                  "name": "IBM Tivoli Business Service Manager 6.2.0.5 IF5",
                  "product_id": "T037436-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.5_if5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Business Service Manager"
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Key Lifecycle Manager",
            "product": {
              "name": "IBM Tivoli Key Lifecycle Manager",
              "product_id": "T026238",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-29267",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2023-29267"
    },
    {
      "cve": "CVE-2023-45853",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2024-25710",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-25710"
    },
    {
      "cve": "CVE-2024-26308",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-28762",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-28762"
    },
    {
      "cve": "CVE-2024-29025",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-31880",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-31880"
    },
    {
      "cve": "CVE-2024-31881",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-31881"
    },
    {
      "cve": "CVE-2024-28757",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 besteht eine Schwachstelle. Dieser Fehler betrifft die Expat-Bibliothek aufgrund einer unsachgem\u00e4\u00dfen Behandlung von XML External Entity (XXE)-Deklarationen durch die Funktion XML_ExternalEntityParserCreate, was zur Offenlegung vertraulicher Informationen f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben und diese Informationen f\u00fcr weitere Angriffe zu verwenden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035400",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-28757"
    },
    {
      "cve": "CVE-2024-29131",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in der Open-Source-Bibliothek commons-configuration2 bei Verwendung des NoSQL-Hadoop-Wrappers aufgrund eines Out-of-Bounds-Write-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-29133",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in der Open-Source-Bibliothek commons-configuration2 bei Verwendung des NoSQL-Hadoop-Wrappers aufgrund eines Out-of-Bounds-Write-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T035402",
          "T027649",
          "T035527",
          "T019293",
          "T026238",
          "T037436",
          "T035401",
          "T035531",
          "T035530"
        ]
      },
      "release_date": "2024-06-11T22:00:00.000+00:00",
      "title": "CVE-2024-29133"
    }
  ]
}

ghsa-9g3p-2g77-4wq8

Vulnerability from github

Published

2024-06-12 21:31

Modified

2025-11-04 18:30

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-31881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-12T19:15:50Z",
    "severity": "MODERATE"
  },
  "details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user.  IBM X-Force ID:  287613.",
  "id": "GHSA-9g3p-2g77-4wq8",
  "modified": "2025-11-04T18:30:59Z",
  "published": "2024-06-12T21:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31881"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240912-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7156852"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2024-31881

Vulnerability from fkie_nvd

Published

2024-06-12 19:15

Modified

2025-11-04 17:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/287613	VDB Entry
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7156852	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/287613	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240912-0005/
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/7156852	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	11.1
ibm	db2	11.1
ibm	db2	11.1
ibm	db2	11.5
ibm	db2	11.5
ibm	db2	11.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*",
              "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*",
              "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*",
              "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
              "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
              "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
              "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
              "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
              "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*",
              "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user.  IBM X-Force ID:  287613."
    },
    {
      "lang": "es",
      "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio ya que el servidor puede fallar cuando un usuario autenticado utiliza una consulta especialmente manipulada en ciertas tablas de columnas. ID de IBM X-Force: 287613."
    }
  ],
  "id": "CVE-2024-31881",
  "lastModified": "2025-11-04T17:15:51.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-12T19:15:50.710",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7156852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240912-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7156852"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-31881 (GCVE-0-2024-31881)

Vulnerability from cvelistv5

Vulnerability from cnvd

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from gsd

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from github

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature