CVE-2020-4355

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/178507	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6242350	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:db2:9.7.0.0:::::::*
	cpe:2.3:a:ibm:db2:10.1.0.0:::::::*
	cpe:2.3:a:ibm:db2:10.5.0.0:::::::*
	cpe:2.3:a:ibm:db2:11.1.0.0:::::::*
	cpe:2.3:a:ibm:db2:11.5.0.0:::::::*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2020-07-01 15:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-4355

Mitre link : CVE-2020-4355

CVE.ORG link : CVE-2020-4355

JSON object : View

Products Affected

microsoft

windows

linux

linux_kernel

ibm

db2

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-4355", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-07-01T15:15:14.547", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178507", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6242350", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507."}, {"lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegaci\u00f3n de servicio, causada por el manejo inapropiado de las peticiones de renegociaci\u00f3n Secure Sockets Layer (SSL). Mediante el env\u00edo de peticiones especialmente dise\u00f1adas, un atacante remoto podr\u00eda explotar esta vulnerabilidad para aumentar el uso de recursos en el sistema. IBM X-Force ID: 178507"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516"}, {"criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0"}, {"criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE"}, {"criteria": "cpe:2.3:a:ibm:db2:11.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E94B9A7-5DF7-4F52-B87F-094A50010F79"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}