CVE-2023-38729Sensitive Information Exposure in IBM DB2

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
CNA6.8
EPSS
0.1%
top 73.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedApr 3

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDibm/db210.5, 11.1, 11.5+2

🔴Vulnerability Details

2
CVEList
IBM Db2 information disclosure2024-04-03
GHSA
GHSA-rcfj-rrgg-6fvh: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)102024-04-03
CVE-2023-38729 — Sensitive Information Exposure in IBM | cvebase