CVE-2023-29256Improper Privilege Management in IBM DB2

CWE-269Improper Privilege ManagementCWE-416Use After Free4 documents4 sources
Severity
6.5MEDIUMNVD
CNA5.3CISA8.8
EPSS
0.1%
top 81.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedJul 10

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDibm/db210.5.0.11, 11.1.4.7, 11.5+2

🔴Vulnerability Details

2
GHSA
GHSA-mvmr-rxwm-hjc9: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 102023-07-10
CVEList
IBM Db2 information disclosure2023-07-09

📋Vendor Advisories

1
CISA
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability2023-07-07
CVE-2023-29256 — Improper Privilege Management in IBM | cvebase