Security Bulletin
Summary
IBM Security Guardium has fixed these vulnerabilities
Vulnerability Details
CVEID: CVE-2008-4692
DESCRIPTION: An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46021 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2007-2582
DESCRIPTION: An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector.
CVSS Base score: 7
CVSS Vector:
CVEID: CVE-2007-3676
DESCRIPTION: The IBM DB2 Administration Server (DAS) server could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in db2dassrm. By sending a specially-crafted request to TCP port 523, a remote attacker could crash the service or execute arbitrary code with elevated privileges.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/40230 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2007-5090
DESCRIPTION: IBM Rational ClearQuest has an unspecified vulnerability which could allow a local attacker to manipulate data. An attacker could exploit this vulnerability to possibly launch further attacks on the vulnerable system.
CVSS Base score: 1.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/36771 for the current score.
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)
CVEID: CVE-2007-5652
DESCRIPTION: IBM DB2 is vulnerable to a denial of service caused by unspecified memory corruption errors in UDB authentication list handling. An attacker could exploit this vulnerability through unknown attack vectors to crash the authentication routine.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/37290 for the current score.
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:P/A:P)
CVEID: CVE-2008-3958
DESCRIPTION: IBM DB2 UDB is vulnerable to a denial of service, caused by an unspecified error when processing requests. By sending a specially-crafted CONNECT and ATTACH request that simulates a v7 client connect/attach request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/45133 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2008-3959
DESCRIPTION: IBM DB2 UDB is vulnerable to a denial of service, caused by an unspecified error when processing requests. By sending a specially-crafted CONNECT and ATTACH request that simulates a v7 client connect/attach request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/45134 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2008-4691
DESCRIPTION: An unspecified error in IBM DB2 related to the SQLNLS_UNPADDEDCHARLEN() function can cause a segmentation fault, resulting in a denial of service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46019 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected Products and Versions
| Affected Product(s) | Version(s) |
| IBM Security Guardium | 11.1 |
Remediation/Fixes
| Product | Versions | Fix |
| IBM Security Guardium | 11.1 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur… |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Kamil Sarbinowski, Vince Dragnea, Troy Fisher and Elaheh Samani from IBM X-Force Ethical Hacking Team.
Change History
16 Oct 2020: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
19 October 2020
Initial Publish date:
16 October 2020
UID
ibm16349177