IT Security: Linux, UNIX and Windows vulnerable – High-risk IT security hole in IBM DB2! Alert receives an update

by admin

A security alert issued for IBM DB2 has received an update from the BSI. You can read here at information.de which products are affected by the security holes.

The Federal Office for Information Security (BSI) published an update on May 16, 2024 to the high-risk IBM DB2 security hole identified on April 23, 2020. The vulnerability affects the Linux, UNIX and Windows operating systems and the products IBM DB2, Red Hat Enterprise Linux, EMC Avamar and Hitachi Ops Center.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: IBM Security Bulletin 7153639 (as of May 17, 2024). Further useful links are listed later in this article.

Multiple IBM DB2 Vulnerabilities – Risk: High

Risk level: 5 (high)
CVSS Base Score: 9.8
CVSS Temporal Score: 8.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores additionally take into account changes over time in the risk situation. The risk of the vulnerability discussed here is classified as “high” according to the CVSS with a base score of 9.8.

IBM DB2 bug: effects of an IT attack

IBM DB2 is a relational database system (RDBS) from IBM.

A remote, anonymous or authenticated attacker could exploit multiple vulnerabilities in IBM DB2 to escalate privileges or cause a denial of service.

Vulnerabilities are identified by unique CVE (Common Vulnerabilities and Exposures) identification numbers. The advisory lists: CVE-2009-0001, CVE-2014-0114, CVE-2014-0193, CVE-2014-3488, CVE-2015-2156, CVE-2016-2402, CVE-2017-12972, CVE-2017-12972, CVE-2017-12972. 2913 2017-12974, CVE-2017-18640, CVE-2017-3734, CVE-2017-5637, CVE-2018-10237, CVE-2018-11771, CVE-2018-8001, CVE-802020201, CVE-2019-10086, CVE-2019-10172, CVE-2019-10202, CVE-2019-12402, CVE-2019-16869, CVE-2019-17195, CVE-2019-5019, CVE-2019-2019, CVE-2019-9514, CVE-2019-9515 and CVE-2019-9518.

Systems affected by the security hole at a glance

Operating systems
Linux, UNIX, Windows

Products
IBM DB2 11.1 (cpe:/a:ibm:db2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
IBM DB2 11.5 (cpe:/a:ibm:db2)
EMC Avamar (cpe:/a:emc:avamar)
Hitachi Ops Center (cpe:/a:hitachi:ops_center)

General measures for dealing with IT security gaps

  1. Users of the affected applications should keep them up to date. When security holes become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check whether the manufacturers affected by the IT security alert provide a new security update.

Sources for updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

IBM Security Bulletin 7153639 of 2024-05-17 (16.05.2024)
For more information, see:

Dell Security Advisory DSA-2024-070 of 2024-02-03 (04.02.2024)
For more information, see:

Hitachi Risk Information HITACHI-SEC-2023-144 of 2023-10-03 (03.10.2023)
For more information, see:

IBM Security Bulletin 6605881 of 2022-07-21 (20.07.2022)
For more information, see:

Hitachi Risk Information HITACHI-SEC-2022-115 of 2022-05-27 (26.05.2022)
For more information, see:

Red Hat Security Advisory RHSA-2021:3225 of 2021-08-20 (19.08.2021)
For more information, see:

Red Hat Security Advisory RHSA-2020:4807 of 2020-11-04 (03.11.2020)
For more information, see:

Red Hat Security Advisory RHSA-2020:2603 of 2020-06-17 (17.06.2020)
For more information, see:

IBM Security Bulletin 6198380 of 2020-04-23 (23.04.2020)
For more information, see:

Version history of this security alert

This is version 9 of this IBM DB2 IT security advisory. This document will be updated as further updates are announced. You can follow changes or additions in this version history.

April 23, 2020 – First model
June 17, 2020 – New updates from Red Hat have been added
November 3, 2020 – New updates from Red Hat have been added
08/19/2021 – New updates from Red Hat have been added
May 26, 2022 – New updates from HITACHI added
July 20, 2022 – New updates from IBM added
10/03/2023 – New updates from HITACHI added
02/04/2024 – New updates from Dell added
May 16, 2024 – New updates from IBM added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/information.de
