First published: Thu Dec 09 2021
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Db2 | =9.7 | |
IBM Db2 | =10.1 | |
IBM Db2 | =10.5 | |
IBM Db2 | =11.1 | |
IBM Db2 | =11.5 | |
HP HP-UX | | |
IBM AIX | | |
Linux Linux kernel | | |
Microsoft Windows | | |
Oracle Solaris | | |
NetApp OnCommand Insight | | |
CVE-2021-39002 is a vulnerability in IBM DB2 for Linux, UNIX, and Windows: the product uses weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information.
IBM DB2 versions 9.7, 10.1, 10.5, 11.1, and 11.5 are affected by CVE-2021-39002.
CVE-2021-39002 has a severity score of 7.5 (High).
An attacker can exploit CVE-2021-39002 by taking advantage of the weaker than expected cryptographic algorithms that DB2 uses in order to decrypt highly sensitive information.
Yes, IBM has provided a fix for CVE-2021-39002. It is recommended to update to the latest version of IBM DB2 that includes the fix.