IBM Db2 on Cloud Pak for Data Vulnerability Could Allow System Calls Compromising Container Security

CVE-2023-42005

7.4HIGH

Key Information

Vendor: IBM
Status: Db2 On Cloud Pak For Data
Vendor: Published:; 29 May 2024

Summary

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.

Affected Version(s)

Db2 on Cloud Pak for Data = 3.5, 4.0, 4.5, 4.6, 4.7, 4.8

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Timeline

Vulnerability published.
May 29, 2024
Vulnerability Reserved.
Sep 6, 2023

Collectors

NVD DatabaseMitre Database