Description

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

Related CPE's

a

ibm

db2

15

o

hp

hp-ux

-

o

ibm

aix

-

o

linux

linux_kernel

-

o

microsoft

windows

-

o

oracle

solaris

-

*

*

*

*

*

-

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/225979

VDB EntryVendor Advisory

https://security.netapp.com/advisory/ntap-20230921-0004/

https://www.ibm.com/support/pages/node/6618779

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-269

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-09-13T21:15:09.107

2 years ago

Last modified

2023-09-21T17:15:09.930

1 year ago