7.5

CVE-2021-39002

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Data is provided by the National Vulnerability Database (NVD)
IbmDb2 Version9.7
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.1 SwPlatform-
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.5 Update-
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.1
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.5 SwPlatform-
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
NetappOncommand Insight Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.18% 0.402
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@us.ibm.com 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.