Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2021-20047 – SonicWall Global VPN Client
December 10, 2021
Rewterz
Rewterz Threat Advisory – Multiple Fortinet Vulnerabilities
December 10, 2021

Rewterz Threat Advisory – Multiple IBM Db2 and WebSphere Application Server Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-39002 

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVE-2021-38951 

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources.

CVE-2021-38931 

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. 

CVE-2021-38926 

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. 

CVE-2021-29678 

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files.

CVE-2021-20373 

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions.

Impact

  • Information Disclosure
  • Denial of Service
  • Privilege Escalation
  • Unauthorized Access

Affected Vendors

IBM

Affected Products

  • IBM WebSphere Application Server 7.0
  • IBM WebSphere Application Server 8.0
  • IBM WebSphere Application Server 8.5
  • IBM WebSphere Application Server 9.0
  • IBM DB2 for Linux UNIX and Windows 10.5
  • IBM DB2 for Linux UNIX and Windows 10.1
  • IBM DB2 for Linux UNIX and Windows 9.7
  • IBM DB2 for Linux UNIX and Windows 11.1
  • IBM DB2 for Linux UNIX and Windows 11.5

Remediation

Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.

CVE-2021-39002 

https://www.ibm.com/support/pages/node/6523802

CVE-2021-38951 

https://www.ibm.com/support/pages/node/6524674

CVE-2021-38931 

https://www.ibm.com/support/pages/node/6523810

CVE-2021-38926 

https://www.ibm.com/support/pages/node/6523808

CVE-2021-29678 

https://www.ibm.com/support/pages/node/6523806

CVE-2021-20373 

https://www.ibm.com/support/pages/node/6523804