CVE-2019-4102: Weak Encryption
First published: Mon Jul 01 2019(Updated: )
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Db2 | =9.7.0.0 | |
| IBM Db2 | =9.7.0.1 | |
| IBM Db2 | =9.7.0.2 | |
| IBM Db2 | =9.7.0.3 | |
| IBM Db2 | =9.7.0.4 | |
| IBM Db2 | =9.7.0.5 | |
| IBM Db2 | =9.7.0.6 | |
| IBM Db2 | =9.7.0.7 | |
| IBM Db2 | =9.7.0.8 | |
| IBM Db2 | =9.7.0.9 | |
| IBM Db2 | =9.7.0.10 | |
| IBM Db2 | =9.7.0.11 | |
| IBM Db2 | =10.1.0.0 | |
| IBM Db2 | =10.1.0.1 | |
| IBM Db2 | =10.1.0.2 | |
| IBM Db2 | =10.1.0.3 | |
| IBM Db2 | =10.1.0.4 | |
| IBM Db2 | =10.1.0.5 | |
| IBM Db2 | =10.1.0.6 | |
| IBM Db2 | =10.5.0.0 | |
| IBM Db2 | =10.5.0.1 | |
| IBM Db2 | =10.5.0.2 | |
| IBM Db2 | =10.5.0.3 | |
| IBM Db2 | =10.5.0.4 | |
| IBM Db2 | =10.5.0.5 | |
| IBM Db2 | =10.5.0.6 | |
| IBM Db2 | =10.5.0.7 | |
| IBM Db2 | =10.5.0.8 | |
| IBM Db2 | =10.5.0.9 | |
| IBM Db2 | =10.5.0.10 | |
| IBM Db2 | =11.1.0.0 | |
| IBM Db2 | =11.1.1.1 | |
| IBM Db2 | =11.1.2.2 | |
| IBM Db2 | =11.1.3.3 | |
| IBM Db2 | =11.1.4.4 | |
| HPE HP-UX | ||
| IBM AIX | ||
| Linux Kernel | ||
| Microsoft Windows | ||
| Oracle Solaris and Zettabyte File System (ZFS) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-4102?
CVE-2019-4102 is classified as high severity due to its potential to allow attackers to decrypt sensitive information.
How do I fix CVE-2019-4102?
To fix CVE-2019-4102, upgrade to a version of IBM DB2 that uses stronger cryptographic algorithms as recommended in the IBM security advisory.
What versions of IBM DB2 are affected by CVE-2019-4102?
IBM DB2 versions 9.7, 10.1, 10.5, and 11.0 are affected by CVE-2019-4102.
Can CVE-2019-4102 be exploited remotely?
Yes, CVE-2019-4102 can potentially be exploited remotely, allowing unauthorized access to sensitive data.
What types of data are at risk due to CVE-2019-4102?
CVE-2019-4102 puts highly sensitive information at risk due to its use of weaker than expected cryptographic algorithms.
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm db2
- version/ibm db2/9.7.0.0
- version/ibm db2/9.7.0.1
- version/ibm db2/9.7.0.2
- version/ibm db2/9.7.0.3
- version/ibm db2/9.7.0.4
- version/ibm db2/9.7.0.5
- version/ibm db2/9.7.0.6
- version/ibm db2/9.7.0.7
- version/ibm db2/9.7.0.8
- version/ibm db2/9.7.0.9
- version/ibm db2/9.7.0.10
- version/ibm db2/9.7.0.11
- version/ibm db2/10.1.0.0
- version/ibm db2/10.1.0.1
- version/ibm db2/10.1.0.2
- version/ibm db2/10.1.0.3
- version/ibm db2/10.1.0.4
- version/ibm db2/10.1.0.5
- version/ibm db2/10.1.0.6
- version/ibm db2/10.5.0.0
- version/ibm db2/10.5.0.1
- version/ibm db2/10.5.0.2
- version/ibm db2/10.5.0.3
- version/ibm db2/10.5.0.4
- version/ibm db2/10.5.0.5
- version/ibm db2/10.5.0.6
- version/ibm db2/10.5.0.7
- version/ibm db2/10.5.0.8
- version/ibm db2/10.5.0.9
- version/ibm db2/10.5.0.10
- version/ibm db2/11.1.0.0
- version/ibm db2/11.1.1.1
- version/ibm db2/11.1.2.2
- version/ibm db2/11.1.3.3
- version/ibm db2/11.1.4.4
- vendor/hp
- canonical/hpe hp-ux
- canonical/ibm aix
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows
- vendor/oracle
- canonical/oracle solaris and zettabyte file system (zfs)