IBM Db2 for Linux, UNIX and Windows information disclosure
CVE-2023-38729

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Db2 For Linux, Unix And Windows
Vendor: CVE Published:; 3 April 2024

Summary

IBM Db2 for Linux, UNIX and Windows versions 10.5, 11.1, and 11.5 exhibit a vulnerability that allows for potential sensitive information disclosure when the ADMIN_CMD command is utilized in conjunction with the IMPORT or EXPORT operations. This could lead to unauthorized access to information that should otherwise remain confidential. Users of vulnerable versions are advised to review their configurations and apply necessary mitigations to protect their systems against unwanted exposure of sensitive data. For more detailed information, consult the official IBM advisory and associated references.

Affected Version(s)

Db2 for Linux, UNIX and Windows 10.5, 11.1 ,11.5

References

https://www.ibm.com/support/pages/node/7145721

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2024