Sensitive Information Exposure in IBM Db2 for Linux, UNIX, and Windows
CVE-2024-25030
6.2 MEDIUM
Summary
IBM Db2 for Linux, UNIX, and Windows, along with Db2 Connect Server, version 11.1 stores potentially sensitive information in log files. Local users can read these files, which creates a risk of unauthorized disclosure of sensitive data. Mitigating this risk requires prompt action to secure the log files and restrict access to them.
Affected Version(s)
Db2 for Linux, UNIX and Windows 11.1
CVSS V3.1
Score: 6.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published