IBM Db2 on Cloud Pak for Data Vulnerability Could Allow System Calls Compromising Container Security
CVE-2023-42005

7.4HIGH

Key Information:

Vendor

IBM
Status
Db2 On Cloud Pak For Data
Vendor
CVE Published:
29 May 2024

What is CVE-2023-42005?

A security issue exists within IBM Db2 on Cloud Pak for Data, affecting various versions. Users with access to Kubernetes pods may exploit this vulnerability to execute system calls, potentially compromising the integrity and security of the containers. This poses significant risks to data management and application performance in cloud environments where IBM Db2 is deployed.

Affected Version(s)

Db2 on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, 4.8

References

https://www.ibm.com/support/pages/node/7155078
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/265264
vdb-entry

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-42005 : IBM Db2 on Cloud Pak for Data Vulnerability Could Allow System Calls Compromising Container Security