IBM DB2 10.5 < FP8 Special Build 36828 / 11.1.2.2 < FP2 Special Build 36792 Multiple Vulnerabilities (Windows)

Medium severity, Nessus Plugin ID 103254

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

According to its version, the installation of IBM DB2 running on the remote host is either 10.5 prior to fix pack 8 Special Build 36828 or 11.1.2.2 prior to fix pack 2 Special Build 36792. It is therefore affected by multiple vulnerabilities, related to denial of service and possible exposure of highly sensitive information, as described in the advisories.

Note: swg22005740 only affects 11.1.2.2.x.

Solution

Apply the appropriate IBM DB2 Connect Special Build based on the most recent fix pack level for your branch.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg22007183

http://www-01.ibm.com/support/docview.wss?uid=swg22005740

Plugin Details

Severity: Medium

ID: 103254

File Name: db2_connect_1112fp2_36792_win.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 9/15/2017

Updated: 11/12/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-1434

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2_connect

Required KB Items: SMB/db2_connect/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 9/7/2017

Vulnerability Publication Date: 9/7/2017

Reference Information

CVE: CVE-2017-1434, CVE-2017-1519