Vulnerability Name: CVE-2021-20579 (CCN-199283) Assigned: 2020-12-17 Published: 2021-06-23 Updated: 2022-06-28 Summary: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2021-20579 ibm-db2-cve202120579-info-disc(199283) ibm-db2-cve202120579-info-disc (199283) https://security.netapp.com/advisory/ntap-20210720-0006/ IBM Db2 is vulnerable to an information disclosure (CVE-2021-20579) https://www.ibm.com/support/pages/node/6466369 Multiple IBM Db2 Server Vulnerabilities Affect IBM Emptoris Sourcing Multiple IBM Db2 Server Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform Multiple IBM Db2 Server Vulnerabilities Affect IBM Emptoris Program Management Multiple IBM Db2 Server Vulnerabilities Affect IBM Emptoris Contract Management Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2021-29777, CVE-2021-20579, CVE-2021-29703, CVE-2020-4885, CVE-2020-4945) Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product. Multiple vulnerabilities found in Db2 affect IBM Cloud Pak System Software and Cloud Pak System Software Suite Multiple vulnerabilities has been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:db2:10.1:*:*:*:*:-:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:-:*:* AND cpe:/o:microsoft:windows:-:*:*:*:*:*:*:* OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:* OR cpe:/o:hp:hp-ux:-:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:-:*:*:*:*:*:*:* OR cpe:/o:oracle:solaris:-:*:*:*:*:*:-:* Configuration CCN 1 :cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* AND cpe:/a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_contract_management:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_sourcing:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_contract_management:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_contract_management:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_program_management:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_program_management:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_program_management:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.3:*:*:*:*:*:*:* BACK
ibm db2 10.1
ibm db2 11.1
ibm db2 9.7
ibm db2 10.5
ibm db2 11.5
microsoft windows -
linux linux kernel -
hp hp-ux -
ibm aix -
oracle solaris -
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.1
ibm db2 10.1
ibm db2 10.1
ibm db2 9.7
ibm db2 9.7
ibm db2 9.7
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm db2 11.5
ibm db2 11.5
ibm db2 11.5
ibm emptoris sourcing 10.1.0
ibm emptoris sourcing 10.1.1
ibm emptoris contract management 10.1.0
ibm emptoris sourcing 10.1.3
ibm monitoring 8.1.4
ibm emptoris contract management 10.1.1
ibm emptoris contract management 10.1.3
ibm emptoris program management 10.1.0
ibm emptoris program management 10.1.1
ibm emptoris program management 10.1.3
ibm emptoris supplier lifecycle management 10.1.0
ibm emptoris supplier lifecycle management 10.1.1
ibm emptoris supplier lifecycle management 10.1.3
ibm emptoris strategic supply management 10.1.0
ibm emptoris strategic supply management 10.1.1
ibm emptoris strategic supply management 10.1.3
Denotes that component is vulnerable