CVE-2021-39002

January 21, 2022

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Summary:

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Reference Links(if available):

  • https://exchange.xforce.ibmcloud.com/vulnerabilities/213217
  • https://www.ibm.com/support/pages/node/6523802
  • https://security.netapp.com/advisory/ntap-20220114-0002/

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    23b55144d4c6bb40f837201e0f467ed9d0a1107d54b5ee3be6d144e7f7cf7aec

    CrimsonEDR – Simulate The Behavior Of AV/EDR For Malware Development Training

    April 28, 2024
    hackerone

    HackerOne Bug Bounty Disclosure: cve-apache-airflow-authentication-bypass-when-legacy-openid-is-in-use-as-auth-type-parantheses

    April 28, 2024
    hackerone

    HackerOne Bug Bounty Disclosure: cve-potential-regular-expression-denial-of-service-in-django-utils-text-truncator-words-scyoon

    April 28, 2024
    Basta

    Black Basta Ransomware Victim: thelawrencegroup[.]com_privat

    April 28, 2024
    Basta

    Black Basta Ransomware Victim: true[.]co[.]uk

    April 28, 2024