March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2021-20047 – SonicWall Global VPN Client
December 10, 2021
Rewterz Threat Advisory – Multiple Fortinet Vulnerabilities
December 10, 2021
Rewterz Threat Advisory – CVE-2021-20047 – SonicWall Global VPN Client
December 10, 2021
Rewterz Threat Advisory – Multiple Fortinet Vulnerabilities
December 10, 2021
Severity
Medium
Analysis Summary
CVE-2021-39002
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2021-38951
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources.
CVE-2021-38931
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from.
CVE-2021-38926
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks.
CVE-2021-29678
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files.
CVE-2021-20373
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions.
Impact
- Information Disclosure
- Denial of Service
- Privilege Escalation
- Unauthorized Access
Affected Vendors
IBM
Affected Products
- IBM WebSphere Application Server 7.0
- IBM WebSphere Application Server 8.0
- IBM WebSphere Application Server 8.5
- IBM WebSphere Application Server 9.0
- IBM DB2 for Linux UNIX and Windows 10.5
- IBM DB2 for Linux UNIX and Windows 10.1
- IBM DB2 for Linux UNIX and Windows 9.7
- IBM DB2 for Linux UNIX and Windows 11.1
- IBM DB2 for Linux UNIX and Windows 11.5
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.
CVE-2021-39002
CVE-2021-38951
CVE-2021-38931
CVE-2021-38926
CVE-2021-29678
CVE-2021-20373