IBM Db2 for Linux, UNIX and Windows information disclosure
CVE-2023-38729
6.5 MEDIUM
Summary
IBM Db2 for Linux, UNIX and Windows versions 10.5, 11.1, and 11.5 are vulnerable to sensitive information disclosure when the ADMIN_CMD command is used with the IMPORT or EXPORT operations. This could lead to unauthorized access to information that should remain confidential. Users of vulnerable versions are advised to review their configurations and apply the necessary mitigations to protect their systems against exposure of sensitive data. For more detailed information, consult the official IBM advisory and associated references.
Affected Version(s)
Db2 for Linux, UNIX and Windows 10.5, 11.1, 11.5
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published