IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 | VDB Entry Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20230731-0007/ | |
| https://www.ibm.com/support/pages/node/7010573 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
31 Jul 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 Jul 2023, 19:06
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| First Time |
Ibm db2
Linux Ibm aix Microsoft Hp hp-ux Oracle Hp Linux linux Kernel Ibm Microsoft windows Oracle solaris |
|
| References | (MISC) https://www.ibm.com/support/pages/node/7010573 - Vendor Advisory | |
| References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 - VDB Entry, Vendor Advisory | |
| CPE | cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* |
|
| CWE | CWE-269 |
10 Jul 2023, 16:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-10 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-29256
Mitre link : CVE-2023-29256
CVE.ORG link : CVE-2023-29256
JSON object : View
Products Affected
hp
- hp-ux
linux
- linux_kernel
microsoft
- windows
oracle
- solaris
ibm
- db2
- aix
CWE
CWE-269
Improper Privilege Management