CVE-2017-1571

Published: Mar 22, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.

Affected (4)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

1 platform

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Db2	Version 10.1
Ibm Db2	Version 10.5
Ibm Db2	Version 11.1
Ibm Db2	Version 9.7

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (6)

http://www.ibm.com/support/docview.wss?uid=swg22012948

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/103494

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/131853

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www.ibm.com/support/docview.wss?uid=swg22012948

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/103494

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/131853

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.