CVE-2019-4102

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.

Published: Jul 1, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-4102
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-326

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
ibm / db2	9.7.0.0	9.7.0.0.x
ibm / db2	9.7.0.1	9.7.0.1.x
ibm / db2	9.7.0.2	9.7.0.2.x
ibm / db2	9.7.0.3	9.7.0.3.x
ibm / db2	9.7.0.4	9.7.0.4.x
ibm / db2	9.7.0.5	9.7.0.5.x
ibm / db2	9.7.0.6	9.7.0.6.x
ibm / db2	9.7.0.7	9.7.0.7.x
ibm / db2	9.7.0.8	9.7.0.8.x
ibm / db2	9.7.0.9	9.7.0.9.x
ibm / db2	9.7.0.10	9.7.0.10.x
ibm / db2	9.7.0.11	9.7.0.11.x
ibm / db2	10.1.0.0	10.1.0.0.x
ibm / db2	10.1.0.1	10.1.0.1.x
ibm / db2	10.1.0.2	10.1.0.2.x
ibm / db2	10.1.0.3	10.1.0.3.x
ibm / db2	10.1.0.4	10.1.0.4.x
ibm / db2	10.1.0.5	10.1.0.5.x
ibm / db2	10.1.0.6	10.1.0.6.x
ibm / db2	10.5.0.0	10.5.0.0.x
ibm / db2	10.5.0.1	10.5.0.1.x
ibm / db2	10.5.0.2	10.5.0.2.x
ibm / db2	10.5.0.3	10.5.0.3.x
ibm / db2	10.5.0.4	10.5.0.4.x
ibm / db2	10.5.0.5	10.5.0.5.x
ibm / db2	10.5.0.6	10.5.0.6.x
ibm / db2	10.5.0.7	10.5.0.7.x
ibm / db2	10.5.0.8	10.5.0.8.x
ibm / db2	10.5.0.9	10.5.0.9.x
ibm / db2	10.5.0.10	10.5.0.10.x
ibm / db2	11.1.0.0	11.1.0.0.x
ibm / db2	11.1.1.1	11.1.1.1.x
ibm / db2	11.1.2.2	11.1.2.2.x
ibm / db2	11.1.3.3	11.1.3.3.x
ibm / db2	11.1.4.4	11.1.4.4.x

Vulnerability Database

290,273

CVE-2019-4102