CVE-2017-1434Sensitive Information Exposure in IBM DB2 Connect

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.7MEDIUMNVD
EPSS
0.1%
top 78.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM DB2IBM DB2 Connect
Timeline
PublishedSep 12
Latest updateMay 17

Description

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

NVDibm/db2_connect11.1.0.0
NVDibm/db211.1.0.0

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-r6p4-fqpw-3cj4: IBM DB2 for Linux, UNIX and Windows 112022-05-17
CVEList
CVE-2017-1434: IBM DB2 for Linux, UNIX and Windows 112017-09-12
CVE-2017-1434 — Sensitive Information Exposure in IBM | cvebase