There is a current IT security alert for IBM DB2 REST. You can find out here which risks are involved, which products are affected and what you can do.
The Federal Office for Information Security (BSI) reported a security advisory for IBM DB2 REST on May 20, 2024. The software contains several vulnerabilities that make an attack possible. The Linux, UNIX and Windows operating systems and the IBM DB2 product are affected by the security vulnerability.
The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: IBM Security Bulletin – 7154484 (as of 20.05.2024).
Multiple vulnerabilities have been reported for IBM DB2 REST – Risk: High
Risk level: 4 (high)
CVSS Base Score: 9.8
CVSS Temporal Score: 8.5
Remote attack: Yes
The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various criteria in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to describe the severity levels of a vulnerability. The Base Score evaluates the prerequisites for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account changes over time in the risk situation. The severity of the vulnerability discussed here is rated as “high” according to CVSS, with a base score of 9.8.
IBM DB2 REST Bug: Vulnerabilities and CVE numbers
IBM DB2 is a relational database system (RDBS) from IBM.
A remote, anonymous attacker could exploit several vulnerabilities in IBM DB2 REST to execute arbitrary code, bypass security measures, or cause a denial of service.
Vulnerabilities are identified by individual numbers in the CVE (Common Vulnerabilities and Exposures) reference system. The numbers given for this alert are CVE-2019-19126, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2021-35942, CVE-2021-3711, CVE-2021-3712, CVE-3712, CVE-3729 2021 -4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-2097 and CVE-2023-48795.
Systems affected by the security vulnerability at a glance
Operating systems
Linux, UNIX, Windows
Products
IBM DB2 REST
General recommendations for addressing IT security vulnerabilities
- Users of affected systems should keep them up to date. When security vulnerabilities become known, manufacturers are required to fix them quickly by developing a patch or workaround. If security patches are available, install them promptly.
- For information, see the sources listed in the next section. These often contain further details about the latest version of the software in question and the availability of security patches or workarounds.
- If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the specified sources to see whether a new security update is available.
Manufacturer information about updates, patches and workarounds
Here you will find links with information about bug reports, security fixes and workarounds.
IBM Security Bulletin – 7154484 of 2024-05-20 (20.05.2024)
For more information, see:
Version history of this security alert
This is the first version of this IT security notice for IBM DB2 REST. This document will be updated as updates are announced. You can follow the changes made using the version history below.
May 20, 2024 – First version
+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. +++
kns/roj/information.de