IBM DB2 10.1 Information Disclosure Vulnerability

Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Credit:

The information has been provided by IBM

The original article can be found at:https://www.ibm.com/support/docview.wss?uid=ibm10880743


Details

IBM DB2 is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Vulnerable Systems:

IBM DB2 9.7 FP11
IBM DB2 9.7
IBM DB2 11.1.4.4 iFix001
IBM DB2 11.1
IBM DB2 10.5 FP10
IBM DB2 10.5
IBM DB2 10.1 FP6
IBM DB2 10.1

CVE Information:
CVE-2019-4102

Disclosure Timeline:
07/01/2019

Categories: News