Sensitive Information Exposure in IBM Db2 for Linux, UNIX, and Windows
CVE-2024-25030

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Db2 For Linux, Unix And Windows
Vendor: CVE Published:; 3 April 2024

Summary

IBM Db2 for Linux, UNIX, and Windows, along with Db2 Connect Server version 11.1, has a vulnerability where potentially sensitive information is stored in log files. This information can be accessed by local users, which raises concerns about unauthorized data disclosure and compromise of sensitive information. Mitigating this risk requires prompt action to secure log files and limit access accordingly.

Affected Version(s)

Db2 for Linux, UNIX and Windows 11.1

References

https://www.ibm.com/support/pages/node/7145725

vendor-advisory

https://https://exchange.xforce.ibmcloud.com/vulnerabilit...

vdb-entry

https://security.netapp.com/advisory/ntap-20240517-0006/

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2024