IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/195521 | VDB Entry Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220225-0005/ | Third Party Advisory |
https://www.ibm.com/support/pages/node/6523804 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
31 Mar 2022, 16:30
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0005/ - Third Party Advisory |
25 Feb 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2021, 00:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-668 | |
References | (CONFIRM) https://www.ibm.com/support/pages/node/6523804 - Patch, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/195521 - VDB Entry, Vendor Advisory | |
CPE | cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:* cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
09 Dec 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-09 17:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-20373
Mitre link : CVE-2021-20373
CVE.ORG link : CVE-2021-20373
JSON object : View
Products Affected
oracle
- solaris
ibm
- aix
- db2
microsoft
- windows
hp
- hp-ux
linux
- linux_kernel
CWE