Vulnerability Name: CVE-2021-38931 (CCN-210418) Assigned: 2021-12-08 Published: 2021-12-08 Updated: 2022-01-21 Summary: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-668 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2021-38931 ibm-db2-cve202138931-info-disc(210418) ibm-db2-cve202138931-info-disc (210418) https://security.netapp.com/advisory/ntap-20220114-0001/ IBM Db2 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. (CVE-2021-38931) https://www.ibm.com/support/pages/node/6523810 IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data hve released a fix in response to multiple vulnerabilities found in IBM Db2 IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2 Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926) Multiple vulnerabilities has been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics Multiple vulnerabilities found in IBM DB2 which is shipped with IBM Intelligent Operations Center(CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926) Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:db2:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:-:*:* AND cpe:/o:hp:hp-ux:-:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:-:*:*:*:*:*:*:* OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:* OR cpe:/o:oracle:solaris:-:*:*:*:*:*:-:* Configuration 2 :cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* AND cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_server:8.1.0.000:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:* BACK
ibm db2 11.1
ibm db2 11.5
hp hp-ux -
ibm aix -
linux linux kernel -
microsoft windows -
oracle solaris -
netapp oncommand insight -
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm db2 11.5
ibm db2 11.5
ibm db2 11.5
ibm intelligent operations center 5.1.0
ibm intelligent operations center 5.1.0.2
ibm intelligent operations center 5.1.0.3
ibm intelligent operations center 5.1.0.4
ibm intelligent operations center 5.1.0.6
ibm spectrum protect server 8.1.0.000
ibm intelligent operations center 5.2
ibm intelligent operations center 5.2.1
Denotes that component is vulnerable