CVE-2023-47152

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47152
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security.netapp.com/advisory/ntap-20240307-0001/
https://www.ibm.com/support/pages/node/7105605 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

27 Sep 2024, 14:15

Type Values Removed Values Added
Summary (en) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. (en) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
CWE CWE-209
References
  • {'url': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/270730', 'tags': ['VDB Entry', 'Vendor Advisory'], 'source': 'psirt@us.ibm.com'}

07 Mar 2024, 17:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240307-0001/ -

25 Jan 2024, 02:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo
First Time Ibm
Linux
Microsoft
Microsoft windows
Ibm db2
Ibm linux On Ibm Z
Linux linux Kernel
Ibm aix
CPE cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/270730 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/270730 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7105605 - () https://www.ibm.com/support/pages/node/7105605 - Patch, Vendor Advisory

22 Jan 2024, 20:28

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-22 20:15

Updated : 2024-09-27 14:15

NVD link : CVE-2023-47152

Mitre link : CVE-2023-47152

CVE.ORG link : CVE-2023-47152

JSON object : View

Products Affected

linux

  • linux_kernel

ibm

  • db2
  • linux_on_ibm_z
  • aix

microsoft

  • windows
CWE
CWE-209

Generation of Error Message Containing Sensitive Information

NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024