CVE-2023-47152

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47152
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security.netapp.com/advisory/ntap-20240307-0001/
https://www.ibm.com/support/pages/node/7105605 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

27 Sep 2024, 14:15

Type Values Removed Values Added
CWE CWE-209
Summary (en) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. (en) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
References
  • {'url': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/270730', 'tags': ['VDB Entry', 'Vendor Advisory'], 'source': 'psirt@us.ibm.com'}

07 Mar 2024, 17:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240307-0001/ -

25 Jan 2024, 02:03

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/270730 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/270730 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7105605 - () https://www.ibm.com/support/pages/node/7105605 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo

22 Jan 2024, 20:28

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-22 20:15

Updated : 2024-09-27 14:15

NVD link : CVE-2023-47152

Mitre link : CVE-2023-47152

CVE.ORG link : CVE-2023-47152

JSON object : View

Products Affected

microsoft

  • windows

ibm

  • linux_on_ibm_z
  • aix
  • db2

linux

  • linux_kernel
CWE
CWE-209

Generation of Error Message Containing Sensitive Information

NVD-CWE-noinfo