Vulnerability Name: | CVE-2017-1571 (CCN-131853) | ||||||||||||
Assigned: | 2016-11-30 | ||||||||||||
Published: | 2018-03-14 | ||||||||||||
Updated: | 2019-10-09 | ||||||||||||
Summary: | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853. | ||||||||||||
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-327 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-1571 Source: CCN Type: IBM Security Bulletin 2012948 (DB2 for Linux, UNIX and Windows) Under specific circumstances IBM Db2 installation creates users with a weak password hashing algorithm (CVE-2017-1571). Source: CONFIRM Type: Vendor Advisory http://www.ibm.com/support/docview.wss?uid=swg22012948 Source: BID Type: Third Party Advisory, VDB Entry 103494 Source: CCN Type: BID-103494 IBM DB2 CVE-2017-1571 Local Information Disclosure Vulnerability Source: MISC Type: VDB Entry, Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/131853 Source: XF Type: UNKNOWN ibm-db2-cve20171571-info-disc(131853) | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||||||
BACK |