Sensitive Information Exposure in IBM Db2 for Linux, UNIX, and Windows
CVE-2024-25030

6.2 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 3 April 2024

Summary

IBM Db2 for Linux, UNIX, and Windows (including Db2 Connect Server) version 11.1 stores potentially sensitive information in log files. Local users can read this information, which exposes it to unauthorized disclosure. Mitigating this risk requires prompt action to secure the log files and limit access to them accordingly.

Affected Version(s)

Db2 for Linux, UNIX and Windows 11.1

CVSS V3.1

Score: 6.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published