IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 | VDB Entry Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20230731-0007/ | |
| https://www.ibm.com/support/pages/node/7010573 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
31 Jul 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 Jul 2023, 19:06
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| References | (MISC) https://www.ibm.com/support/pages/node/7010573 - Vendor Advisory | |
| References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 - VDB Entry, Vendor Advisory | |
| First Time |
Ibm aix
Hp hp-ux Oracle solaris Hp Ibm Microsoft Ibm db2 Oracle Linux linux Kernel Microsoft windows Linux |
|
| CPE | cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:* cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* |
|
| CWE | CWE-269 |
10 Jul 2023, 16:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-10 16:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-29256
Mitre link : CVE-2023-29256
CVE.ORG link : CVE-2023-29256
JSON object : View
Products Affected
hp
- hp-ux
ibm
- aix
- db2
linux
- linux_kernel
microsoft
- windows
oracle
- solaris
CWE
CWE-269
Improper Privilege Management