Vulnerability Details CVE-2023-29256
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.7%
CVSS Severity
CVSS v3 Score 5.3
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/252046
- https://security.netapp.com/advisory/ntap-20230731-0007/
- https://www.ibm.com/support/pages/node/7010573
- https://exchange.xforce.ibmcloud.com/vulnerabilities/252046
- https://security.netapp.com/advisory/ntap-20230731-0007/
- https://www.ibm.com/support/pages/node/7010573
Products affected by CVE-2023-29256
-
cpe:2.3:a:ibm:db2:10.5.0.11
-
cpe:2.3:a:ibm:db2:11.1.4.7
-
cpe:2.3:a:ibm:db2:11.5
-
cpe:2.3:o:hp:hp-ux:-
-
cpe:2.3:o:ibm:aix:-
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:oracle:solaris:-