CVE-2024-40679 — Log File Information Exposure in IBM DB2

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedJan 8

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/db211.5

▶NVDibm/db211.5

🔴Vulnerability Details

GHSA

GHSA-q722-mhcx-9m8w: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11↗2025-01-08

▶

CVEList

IBM Db2 information disclosure↗2025-01-08

▶