CVE-2023-29256

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*
OR cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:56

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 5.3
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 - VDB Entry, Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20230731-0007/ - () https://security.netapp.com/advisory/ntap-20230731-0007/ -
References () https://www.ibm.com/support/pages/node/7010573 - Vendor Advisory () https://www.ibm.com/support/pages/node/7010573 - Vendor Advisory

31 Jul 2023, 19:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230731-0007/ -

13 Jul 2023, 19:06

Type Values Removed Values Added
References (MISC) https://www.ibm.com/support/pages/node/7010573 - (MISC) https://www.ibm.com/support/pages/node/7010573 - Vendor Advisory
References (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 - (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 - VDB Entry, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CWE CWE-269

10 Jul 2023, 16:27

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-10 16:15

Updated : 2024-11-21 07:56


NVD link : CVE-2023-29256

Mitre link : CVE-2023-29256

CVE.ORG link : CVE-2023-29256


JSON object : View

Products Affected

microsoft

  • windows

ibm

  • db2
  • aix

hp

  • hp-ux

oracle

  • solaris

linux

  • linux_kernel
CWE
CWE-269

Improper Privilege Management