CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-39002
https://notcve.org/view.php?id=CVE-2021-39002
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial • https://exchange.xforce.ibmcloud.com/vulnerabilities/213217 https://security.netapp.com/advisory/ntap-20220114-0002 https://www.ibm.com/support/pages/node/6523802 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38931
https://notcve.org/view.php?id=CVE-2021-38931
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 11.1, y 11.5, es vulnerable a una divulgación de información como resultado de que un usuario conectado tenga acceso indirecto de lectura a una tabla en la que no está autorizado a seleccionar. IBM X-Force ID: 210418 • https://exchange.xforce.ibmcloud.com/vulnerabilities/210418 https://security.netapp.com/advisory/ntap-20220114-0001 https://www.ibm.com/support/pages/node/6523810 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38926
https://notcve.org/view.php?id=CVE-2021-38926
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local conseguir privilegios debido a que permite la modificación de columnas de tareas existentes. IBM X-Force ID: 210321 • https://exchange.xforce.ibmcloud.com/vulnerabilities/210321 https://security.netapp.com/advisory/ntap-20220114-0002 https://www.ibm.com/support/pages/node/6523808 •
CVSS: 8.7EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29678
https://notcve.org/view.php?id=CVE-2021-29678
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario con autoridad DBADM acceder a otras bases de datos y leer o modificar archivos. IBM X-Force ID: 199914 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199914 https://security.netapp.com/advisory/ntap-20220114-0002 https://www.ibm.com/support/pages/node/6523806 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20373
https://notcve.org/view.php?id=CVE-2021-20373
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. IBM Db2 versiones 9.7, 10.1, 10.5, 11.1 y 11.5, pueden ser vulnerables a una divulgación de información cuando es usada la utilidad LOAD, ya que en determinadas circunstancias la utilidad LOAD no aplica las restricciones de directorio. IBM X-Force ID: 199521 • https://exchange.xforce.ibmcloud.com/vulnerabilities/195521 https://security.netapp.com/advisory/ntap-20220225-0005 https://www.ibm.com/support/pages/node/6523804 •