Vulnerability Name: CVE-2021-38926 (CCN-210321) Assigned: 2021-12-08 Published: 2021-12-08 Updated: 2022-07-12 Summary: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2021-38926 ibm-db2-cve202138926-priv-escalation(210321) ibm-db2-cve202138926-priv-escalation (210321) https://security.netapp.com/advisory/ntap-20220114-0002/ IBM Db2 could allow a local user elevated privileges due to allowing modification of columns of existing tasks (CVE-2021-38926) https://www.ibm.com/support/pages/node/6523808 IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data hve released a fix in response to multiple vulnerabilities found in IBM Db2 IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2 Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926) Multiple vulnerabilities has been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics Multiple vulnerabilities found in IBM DB2 which is shipped with IBM Intelligent Operations Center(CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926) Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:db2:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:10.5:-:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:-:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:-:*:* AND cpe:/o:microsoft:windows:-:*:*:*:*:*:*:* OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:* OR cpe:/o:hp:hp-ux:-:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:-:*:*:*:*:*:*:* OR cpe:/o:oracle:solaris:-:*:*:*:*:*:-:* Configuration 2 :cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:9.7:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* AND cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_server:8.1.0.000:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:* BACK
ibm db2 11.1
ibm db2 9.7
ibm db2 10.5 -
ibm db2 11.5
ibm db2 10.1
microsoft windows -
linux linux kernel -
hp hp-ux -
ibm aix -
oracle solaris -
netapp oncommand insight -
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.1
ibm db2 10.1
ibm db2 10.1
ibm db2 9.7
ibm db2 9.7
ibm db2 9.7
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm db2 11.5
ibm db2 11.5
ibm db2 11.5
ibm intelligent operations center 5.1.0
ibm intelligent operations center 5.1.0.2
ibm intelligent operations center 5.1.0.3
ibm intelligent operations center 5.1.0.4
ibm intelligent operations center 5.1.0.6
ibm spectrum protect server 8.1.0.000
ibm intelligent operations center 5.2
ibm intelligent operations center 5.2.1
Denotes that component is vulnerable