9.1

CVE-2018-1426

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 Version9.7
   LinuxLinux Kernel
IbmDb2 Version10.1
   LinuxLinux Kernel
IbmDb2 Version10.5
   LinuxLinux Kernel
IbmDb2 Version11.1
   LinuxLinux Kernel
IbmDb2 Version9.7
   MicrosoftWindows Version-
IbmDb2 Version10.1
   MicrosoftWindows Version-
IbmDb2 Version10.5
   MicrosoftWindows Version-
IbmDb2 Version11.1
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.51% 0.827
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
psirt@us.ibm.com 7.4 2.2 5.2
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

http://www.ibm.com/support/docview.wss?uid=swg22013756
Vendor Advisory
http://www.securityfocus.com/bid/105580
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041012
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
Vendor Advisory
VDB Entry