Vulnerability Details : CVE-2017-1571
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.
Products affected by CVE-2017-1571
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1571
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1571
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST | |
5.1
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
1.4
|
3.6
|
IBM Corporation |
CWE ids for CVE-2017-1571
-
The product uses a broken or risky cryptographic algorithm or protocol.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1571
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/131853
IBM DB2 information disclosure CVE-2017-1571 Vulnerability ReportVendor Advisory;VDB Entry
-
http://www.ibm.com/support/docview.wss?uid=swg22012948
IBM Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571).Vendor Advisory
-
http://www.securityfocus.com/bid/103494
IBM DB2 CVE-2017-1571 Local Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to