IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/213217 | VDB Entry Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220114-0002/ | Third Party Advisory |
https://www.ibm.com/support/pages/node/6523802 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Jan 2022, 14:47
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp
Netapp oncommand Insight |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220114-0002/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
14 Jan 2022, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2021, 19:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:* cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:* cpe:2.3:a:ibm:db2:10.1:*:*:*:*:-:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://www.ibm.com/support/pages/node/6523802 - Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/213217 - VDB Entry, Vendor Advisory | |
CWE | CWE-327 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
09 Dec 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-09 17:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-39002
Mitre link : CVE-2021-39002
CVE.ORG link : CVE-2021-39002
JSON object : View
Products Affected
oracle
- solaris
netapp
- oncommand_insight
linux
- linux_kernel
microsoft
- windows
hp
- hp-ux
ibm
- aix
- db2
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm