CVE-2021-39002
HIGHIBM DB2 9.7, 10.1, 10.5, 11.1, 11.5 - Use of a Broken or Risky Cryptographic Algorithm
Title source: llmDescription
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6523802
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/213217
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220114-0002/
Scores
CVSS v3
7.5
EPSS
0.0018
EPSS Percentile
39.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (6)
ibm/db2
9.7
ibm/db2
10.1
ibm/db2
10.5
ibm/db2
11.1
ibm/db2
11.5
netapp/oncommand_insight
Published
Dec 09, 2021
Tracked Since
Feb 18, 2026